Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

ACS 5.1 and MS Active Directory

I have an installed base of ACS 5.1 and MS AD. Some users are allowed to dial-in via VPN based on the attribute "msNPAllowDialin=True" within AD while others have no permission.

Whenever ACS send an LDAP-request to AD to retrieve the attributes it gets the value of msNPAllowDialin=false according to the following report.

Cisco-AVPairs:

Other Attributes:

ACSVersion=acs-5.1.0.44-B.2347
ConfigVersionId=66
Device Port=35919
RadiusPacketType=AccessRequest
Protocol=Radius
IdentityDn=CN=aba,OU=Standard,OU=Users,OU=LLB_LI,OU=Organisation,DC=llb,DC=root,DC=net
msNPAllowDialin=false
Device IP Address=172.27.60.20

I would like to use this attribute via authorization-policies to grant or deny access via VPN.

I'm running patch-level 5.1.0.44.3.

is this a known bug or do I miss something ?

Any support is very much appreciated

Roman

1 REPLY
505
Views
0
Helpful
1
Replies
CreatePlease to create content