Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

ACS AAA authorization problem on ASA

Hi All,

i have create a one profile on PIX/ASA Command Authorization Sets & MAP with Group & Ldap with My AD. but authentication is not done as per the set parameter on command authorization in ACS.

i am using Cisco ASA 5505 & ACS 4.2.

Regards,

1 REPLY
Silver

ACS AAA authorization problem on ASA

Hi there,

Authentication and Authorization are two separate things in TACACS+, before you can get to authorization you need to successfully authenticate first. Your Command Authorization settings are not related to your authentication settings.

Once you are authenticated, the ACS will use the Command Authorization information configured in your ACS group, if you are not getting assigned the right authorization profile could be because  you are not getting assigned into the right ACS group which points to a Group Mapping issue, however it will be a good idea if you can share more information with us like the failed/passed authentication, in which group your Command Authorization set is configured, how is your Group Mapping configured, etc.

357
Views
0
Helpful
1
Replies
CreatePlease to create content