05-14-2010 08:41 AM - edited 03-10-2019 05:08 PM
Hi, has anyone managed to get an Auth Policy within an Access Service to match devices based on Identity Group Membership?
My Auth Rule looks like this but doesn't ever get hit???
05-14-2010 03:43 PM
Hi,
When you say devices based on identity group membership, do you mean external groups because I could see that you have selected AD in your compound condition. Looks like you have added this attribute inside the Active directory > directory attributes.
If this is for ACS internal groups then we may try some more stuff
Regds,
JK
Do rate helpful posts-
05-17-2010 01:39 AM
Hi JK,
This is using internal groups. The compound condition I'm using matches System:IdentityGroup in All Groups:IPPhones. Then the phone in question is a member of the ID group IPPhones. I've also tried setting the compound condition to Internal Users:UserIdentityGroup in All Groups:IPPhones but still to no avail.
Thanks
Rhodri
05-17-2010 05:05 AM
Let's try this way. VPN is an internal group and firewall is a device here.
05-17-2010 12:29 PM
I have almost the exact same matching policy and it works fine.
Does your authentication pass successfully? What does the AAA report tell you? Maybe it hits other rules first.
Thanks,
Tao
05-18-2010 07:40 AM
Hmmm all very strange. I configured this on an Eval copy of ACS. This morning the real box arrived so once installed I'll try this again and report the results back here.
Thanks gentlemen for your assistance
Rhodri