Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

NCS with RADIUS authentication

I would like to setup NCS to use windows 2008 NPS to authenticate users against AD user group.

Sent from Cisco Technical Support iPad App

1 REPLY
New Member

NCS with RADIUS authentication

Hi,

After more than a little trial and error, I've finally been able to do this. Here are the steps:

1. Create a RADIUS client (RADIUS standard) for your NCS.

2. Create a new network policy and populate as follows:

a. Grant Access in "Overview" Tab.

b. In the "Conditions" Tab,  Add your AD user group in the "Windows Groups" field and add your NCS to thee "Client IPv4 Address" field.

c. In the "Settings" tab under RADIUS Attributes, add "Service-Type" with the value of "Administrative" (for admin type access) or "Login" (for user type access). Under "Vendor Specific" attributes, add "Cisco-AV-Pair" with a vendor of "Cisco". Now comes the boring bit. In the "Value" field you have to copy the "Task List" for the relevent user group, line by line (93 in total for the admin group), finishing with "NCS:virtual-domain0=ROOT-DOMAIN" (this last line is the bit that is different to WCS and caught me out).

3. One other thing which caught me out was that I had to allow ICMP in on the Windows Firewall on my NPS for this to work. I have no idea why but I was so pleased to finally get it working that I didn't care

I hope this helps.

Cheers,

1472
Views
10
Helpful
1
Replies