ACS AAA authorization problem on ASA

Jul 25th, 2012

Hi All,


I have created one profile on PIX/ASA Command Authorization Sets and mapped it with a group and LDAP with my AD, but authentication is not done as per the parameters set on command authorization in ACS.


I am using a Cisco ASA 5505 and ACS 4.2.

Regards,

mauzamor Wed, 07/25/2012 - 05:25

Hi there,


Authentication and authorization are two separate things in TACACS+; before you can get to authorization, you need to authenticate successfully first. Your Command Authorization settings are not related to your authentication settings.


Once you are authenticated, the ACS will use the Command Authorization information configured in your ACS group. If you are not getting assigned the right authorization profile, it could be because you are not getting assigned to the right ACS group, which points to a Group Mapping issue. However, it would be a good idea if you could share more information with us, such as the failed/passed authentication, in which group your Command Authorization set is configured, how your Group Mapping is configured, etc.
