Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
869
Views
0
Helpful
2
Replies

Acs 5.3 - wireless conversion from 4.0

steve switzer
Level 1
Level 1

‎05-18-2012 04:44 AM - edited ‎03-10-2019 07:05 PM

Hi All

As previous posters may have noticed i have been given the task of moving the ACS

from 4.0 to 5.3 which turns out to be considerably different.

Sadly i have nothing to test with at the moment so am trying to work it out as best i can

before the abbreviated period of cutover begins.

I have a Service Desk group setting in 4.0

Under groups i have the group settings  and down the bottom i have the following -

(ticked )  Wireless-WCS HTTP

(ticked ) Custom Attributes

Then in the box -

virtual-domain0=CRUK

role0=LobbyAmbassador

task0=Configure Guest Users

task1=Lobby Ambassador User Preferences

Fine but that doesnt translate directly into any 5.3 settings.

I assume that i would do the following

In policy elements create a shell profile (Service Desk) with the following settings -

Privilege level 0

Custom attributes

Manually entered -   

attribute              requirement              Value

virtual-domain      mandatory               virtual-domain0=CRUK

role                    mandatory               role0=LobbyAmbassador

task0                 mandatory               task0=Configure Guest Users

task1                 mandatory               task1=Lobby Ambassador User Preferences

submit that and then go to  -

Access Policies/default device admin/Authorisation

Create a new Rule

Add  the correct AD group in compound condition AD-AD1   attribute ExternalGroups  value static

in NDG:Device Type -  reference the WLC (previously created as device type with ip address)

Then in Results reference the above shell profile - Service Desk.

Sorry about the longevity but if this looks ok or rubbish can someone let me know as i wont

have much time to get it working with the real wireless

Thanks in advance

Steve

Labels:
0 Helpful
2 Replies 2

mansrini
Level 1
Level 1

‎05-21-2012 09:39 PM

Steve,

The process is correct.. However Iam pointing out the following mistakes

It should not be

virtual-domain      mandatory               virtual-domain0=CRUK

rather it should be

virtual-domain0      mandatory               CRUK

In 4.x , virtual-domain0=CRUK means virtual-domain0 is the attribute and CRUK is the value.. Pls follow the same for all the AV pairs listed above..

-Mani

0 Helpful

maldehne
Cisco Employee
Cisco Employee

‎05-21-2012 10:33 PM

Check this post which contains everything you need:

https://supportforums.cisco.com/docs/DOC-17909

--------------------------------------------------------------------------------

Please Make sure to rate correct answers

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents