New Member

Using RADIUS with NT 4.0 PDC - allow only specific users to access the net?

What I want to accomplish is to use RADIUS to authenticate users to the Internet. I don't want all users to access the Internet, only a portion of them. I'm using a PIX 515 with 6.2 software. I have RADIUS installed on our NT 4.0 PDC. What I need to know is how do I allow some users to connect to the Internet, but not all users?

Do I need to install RADIUS on a different server and manage the userids on that server?

Cisco Employee

Re: Using RADIUS with NT 4.0 PDC - allow only specific users to a

Set up authentication for traffic through the PIX as per http://www.cisco.com/warp/public/110/atp52.html

Then in Windows NT put all the users that you want to have Internet access into a specific NT group (create a new one if need be).

On ACS set it up to authenticate users to the external NT database. Add a Database Group Mapping, and map the Windows NT group that you just created to a particular ACS group. Map everyone else to the default group.

Now modify the default ACS group and in the Per User Defined Network Access Restrictions, check the Define IP-based access restrictions, make sure the table defines the Denied NAS's, then add the PIX in to the AAA Client section (use * in the Port and Address sections), and hit Enter to add it to the list.

This says that users in this ACS group (which is everyone EXCEPT the users you want to have Internet access), can't authenticate to the PIX, effectively denying them access through it.
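The decision logic that reply sets up, sketched as an added example (not code from the thread or from Cisco): a simplified model of group mapping followed by a denied-NAS restriction. The group names, the AAA client name `pix515`, the user names and the first-match mapping order are assumptions made for illustration.

```python
from fnmatch import fnmatch

# Constructed sample data: NT group memberships as the external NT database reports them.
NT_GROUPS = {
    "alice": {"Domain Users", "InternetUsers"},  # hypothetical NT group for allowed users
    "bob": {"Domain Users"},
}

# Ordered group mappings (assumed: first match wins); None matches every known user.
GROUP_MAPPINGS = [
    ({"InternetUsers"}, "Internet Access"),
    (None, "Default Group"),
]

# Denied-NAS table per ACS group: (AAA client, port, address), "*" is a wildcard.
DENIED_NAS = {
    "Default Group": [("pix515", "*", "*")],
}

def map_group(user):
    """Return the ACS group for a user, or None if the NT database does not know the user."""
    member_of = NT_GROUPS.get(user)
    if member_of is None:
        return None
    for required, acs_group in GROUP_MAPPINGS:
        if required is None or required <= member_of:
            return acs_group
    return None

def authorize(user, nas, port="0", address="0.0.0.0"):
    """Decide the RADIUS reply for a user whose NT password has already been verified."""
    group = map_group(user)
    if group is None:
        return "Access-Reject"
    for d_nas, d_port, d_addr in DENIED_NAS.get(group, []):
        if fnmatch(nas, d_nas) and fnmatch(port, d_port) and fnmatch(address, d_addr):
            return "Access-Reject"
    return "Access-Accept"

def internet_users():
    """Audit helper: which known users can authenticate through the PIX."""
    return sorted(u for u in NT_GROUPS if authorize(u, "pix515") == "Access-Accept")
```

In this model the restriction is scoped to the PIX: a default-group user is rejected there but would still authenticate to any other AAA client that is not in the denied table.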

New Member

Re: Using RADIUS with NT 4.0 PDC - allow only specific users to a

Thanks for the info.

How do I get ACS? We are a pretty small shop and I am doing the basic PIX Firewall configurations and I am not familiar with ACS. I looked on Cisco's site and found some info, but not on actually getting ACS.

I have NT 4.0, what version of ACS should I get?

Thanks again for your help, it is greatly appreciated.

Regards,

Gary

New Member

Re: Using RADIUS with NT 4.0 PDC - allow only specific users to a

When I access a web site it asks me for "Http authentication", which is correct. When I use a Windows NT 4.0 ID & password that I set up, it locks out the NT account.

HELP !!!
