Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS 5.0 and RADIUS attribute Class

Hi!

We have a setup with ASA and ACS 5.0 and are trying to send Radius attribute Class (25) back from the ACS to the ASA to assign Group-policy.

The problem we have is that the ACS responds with somekind of session-id in as value for the class-attribute (for example "SERVERXX/12345678/08") instead of the value we have configured (for example "OU=GRP1").

Have we configured something wrong?

This is an evaluation-version of ACS.

Best regards,

Fredrik

6 REPLIES
Silver

Re: ACS 5.0 and RADIUS attribute Class

Before you can enable attributes on a per-user basis, you must enable the Per-user TACACS+/RADIUS Attributes option on the Advanced Options page in the Interface Configuration section. After enabling per-user attributes, a user column will appear as disabled in the Interface Configuration page for that attribute.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/A_RADAtr.html

New Member

Re: ACS 5.0 and RADIUS attribute Class

Hi!

I cannot find this option in ACS 5.0.

I do receive per-user attibutes, the only thing is that the class-attribute contains the wrong information (i.e. not the information i typed in).

New Member

Re: ACS 5.0 and RADIUS attribute Class

Hello,

Did you find a way to send the good class-attribute as I'm experiencing the same problem with ACS5.

Regards

New Member

Re: ACS 5.0 and RADIUS attribute Class

No, we have not found a solution yet.

We might use another software instead.

Regards

Cisco Employee

Re: ACS 5.0 and RADIUS attribute Class

There is in fact a bug open for this issue and it is planned to be included in the next patch for 5.0, patch 8. This should be posted to CCO by the week ending Aug 28th

Cisco Employee

Re: ACS 5.0 and RADIUS attribute Class

ACS 5.0.0.21.8 cumulative patch is ready on CCO and includes this fix

Download from: CCO / Support / Download Software

http://www.cisco.com/kobayashi/sw-center/index.shtml

Select: Security / Identity Management / Cisco Secure Access Control System / 5.0.0.21

Patch filename: 5-0-0-21-8.tar.gpg

Readme and installation instructions: Acs-5.0.0.21.8-Readme.txt

917
Views
0
Helpful
6
Replies