Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

MS IAS (radius) and authentication login

hello

I configure my cisco devices by

aaa new model

aaa authentication login group radiussrv local

config radiussrv group all is OK

but all users authenticated by radius have access to shell. but i need to give cisco shell access only to one group in AD... other groups are used to easyvpn xauth

how to separate them?

3 REPLIES
Cisco Employee

Re: MS IAS (radius) and authentication login

Hi,

The required setting needs to be done on IAS.

On IOS, there's nothin much you can do.

HTH,

Kanishka

New Member

Re: MS IAS (radius) and authentication login

well i know this

can you help about it?

I have a strange situation - 2 ias policy one for admin group in AD, other for VPN users in AD... but the result is only authenticate or not... VPN users have acess to shell...

New Member

Re: MS IAS (radius) and authentication login

I am not if radius can do this but I am not an

expert with radius.

This can be done with freeware tacacs very

easily throught authorization. I've done it

many times myself.

David

CCIE Security

231
Views
0
Helpful
3
Replies