I'm using ACS 3.1 with an access server and RADIUS. We maintain two user databases: one in ACS and one in Novell eDirectory. We want to deal only with one database in the future, the Novell eDirectory one. I can set up the ACS box to work with the eDirectory to do authentication, but how about the RADIUS attribute values that are defined by user in the ACS database (like call back number, client assigned IP address, etc.)? Is it possible to have those attributes in the LDAP directory (Novell eDirectory)? Can the ACS retrieve those values and pass them to the RADIUS client?
You can set up external database group mappings, and map your Novell users into an ACS group. Then simply check those RADIUS attributes in that ACS group and they'll be returned as normal.
Keep in mind that even though you're authenticating to an external database, after the first successful authentication takes place, ACS will store that username in its internal database. It doesn't store the password, because it still has to go to the external database to get that each time, but you can look that user up just like you can with an internal user. You can also change their attributes individually just like you can with an internal user.
Thank you for your response. It sounds good if I use only group level RADIUS attributes, but what if I need to set up call back numbers and IP addresses by user? Is ACS capable of retrieving these attributes from LDAP?
The only information that ACS can use from LDAP is the username, password, and group membership.
I have opened a case and this is the response:
Q: Do you know if ACS 3.1.1 can read this IP address of LDAP?
In the LDAP database I use the attribute "ipHostNumber".
A: Eric, I am sorry to say that NO, that is not an attribute that ACS can use. As far as future support, as far as I know there is no attempt being made to support that yet. One way to help push the process along would be to contact your "account" team and submit a feature request. I tried the number listed for you but there was no response. I am moving your case to a close pend for now and will be waiting for your approval to close if this was your only question! Once again I am sorry for the bad news.....