Trying to figure out the config to allow us to log into our NME-CUE module's using a RADIUS authentication server for all user user accounts and attributes.
I have got it set up and working in that I can authenticate a RADIUS/local user to the system, inheriting the local user attributes (specifically the Administrators group) for user Authorization, but what I want to be able to do is hold Authentication AND Authorization data only on the RADIUS server, i.e. No requirement to have ANY local users configured on the system for Administration (save a fallback account for emergencies when the RADIUS sever is unavailable).
I can't seem to find in any documentation anywhere what RADIUS user attributes etc can, or have to be passed to the CUE instance which will provide Authorization for RADIUS uers. The has to be a User Group Attribute or something that RADIUS reply's to the CUE with that provides user Authorization information.
For anyone interested, contacted the TAC and they gave me a solution.
Get the RADIUS server to send through a Cisco-av-pair attribute with the value “fndn:groups=Administrators”.
Also allows you to create groups on the CUE and assign users to whatever group you want, i.e. create a group with privileges to manage users, call it "groupManageUsers" and assign users to the group with the cisco-av-pair AV "fndn:groups=groupManageUsers". Users assigned to that group can only manager user account, but don't have full admin access to the system
I'm not able to access my old voice mail messages all of a sudden. The recording says something like 'the message is currently not available'. This has never happened before in all the years I have been using this system. I have t...
If you have 2 ISR routers, one acting as Failover, do we need to have both the same number of SRST licenses on the 2 routers?
No. You will only need the SRST licenses on the primary router. Because this feature...