Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Acs 5.3 - wireless conversion from 4.0

Hi All

As previous posters may have noticed i have been given the task of moving the ACS

from 4.0 to 5.3 which turns out to be considerably different.

Sadly i have nothing to test with at the moment so am trying to work it out as best i can

before the abbreviated period of cutover begins.

I have a Service Desk group setting in 4.0

Under groups i have the group settings  and down the bottom i have the following -

(ticked )  Wireless-WCS HTTP

(ticked ) Custom Attributes

Then in the box -

virtual-domain0=CRUK

role0=LobbyAmbassador

task0=Configure Guest Users

task1=Lobby Ambassador User Preferences

Fine but that doesnt translate directly into any 5.3 settings.

I assume that i would do the following

In policy elements create a shell profile (Service Desk) with the following settings -

Privilege level 0

Custom attributes

Manually entered -   

attribute              requirement              Value

virtual-domain      mandatory               virtual-domain0=CRUK

role                    mandatory               role0=LobbyAmbassador

task0                 mandatory               task0=Configure Guest Users

task1                 mandatory               task1=Lobby Ambassador User Preferences

submit that and then go to  -

Access Policies/default device admin/Authorisation

Create a new Rule

Add  the correct AD group in compound condition AD-AD1   attribute ExternalGroups  value static

in NDG:Device Type -  reference the WLC (previously created as device type with ip address)

Then in Results reference the above shell profile - Service Desk.

Sorry about the longevity but if this looks ok or rubbish can someone let me know as i wont

have much time to get it working with the real wireless

Thanks in advance

Steve

Everyone's tags (7)
2 REPLIES
Cisco Employee

Acs 5.3 - wireless conversion from 4.0

Steve,

The process is correct.. However Iam pointing out the following mistakes

It should not be

virtual-domain      mandatory               virtual-domain0=CRUK

rather it should be

virtual-domain0      mandatory               CRUK

In 4.x , virtual-domain0=CRUK means virtual-domain0 is the attribute and CRUK is the value.. Pls follow the same for all the AV pairs listed above..

-Mani

Cisco Employee

Acs 5.3 - wireless conversion from 4.0

Check this post which contains everything you need:

https://supportforums.cisco.com/docs/DOC-17909

--------------------------------------------------------------------------------

Please Make sure to rate correct answers

439
Views
0
Helpful
2
Replies