Cisco Support Community

New Member

ACS 3.1, RADIUS and LDAP

Hi,

I'm using ACS 3.1 with an access server and RADIUS. We maintain two user databases: one in ACS and one in Novell eDirectory. We want to deal with only one database in the future, the Novell eDirectory one. I can set up the ACS box to work with the eDirectory to do authentication, but how about the RADIUS attribute values that are defined per user in the ACS database (like call back number, client assigned IP address, etc.)? Is it possible to have those attributes in the LDAP directory (Novell eDirectory)? Can the ACS retrieve those values and pass them to the RADIUS client?

Thanks all.

3 REPLIES
Cisco Employee

Re: ACS 3.1, RADIUS and LDAP

You can set up external database group mappings, and map your Novell users into an ACS group. Then simply check those RADIUS attributes in that ACS group and they'll be returned as normal.

Keep in mind that even though you're authenticating to an external database, after the first successful authentication takes place, ACS will store that username in its internal database. It doesn't store the password, 'cause it still has to go to the external database to get that each time, but you can look that user up just like you can with an internal user. You can also change their attributes individually just like you can with an internal user.

New Member

Re: ACS 3.1, RADIUS and LDAP

Thank you for your response. It sounds good if I use only group-level RADIUS attributes, but what if I need to set up call back numbers and IP addresses by user? Is ACS capable of retrieving these attributes from LDAP?

New Member

Re: ACS 3.1, RADIUS and LDAP

The only information that ACS can use from LDAP is the username, password, and group membership.

I have opened a case and this is the response:

Q: Do you know if ACS 3.1.1 can read this IP address of LDAP?

In the LDAP database I use the attribute "ipHostNumber".

A: Eric, I am sorry to say that NO, that is not an attribute that ACS can use. As far as future support, as far as I know there is no attempt being made to support that yet. One way to help push the process along would be to contact your "account" team and submit a feature request. I tried the number listed for you but there was no response. I am moving your case to a close pend for now and will be waiting for your approval to close if this was your only question! Once again I am sorry for the bad news.
