Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA 5540 and Radius

Here is what I am trying to accomplish using an ASA 5540/Steel-Belted Radius/Active Directory. When a user connects via SSL they are able to select a group from the drop-down list on the login page.

Unfortunately as long as they have a valid active directory account they can log in to any group that is available.

Is it possible to set up Radius/Active Directory to pass a group back to the ASA based on the username? In other words, the ASA is given the group that individual belongs to by the Radius box as opposed to allowing the individual to select which group to login under.

Hope this makes sense. Any help is appreciated. David

2 REPLIES
Cisco Employee

Re: ASA 5540 and Radius

David,

You can assign the RADIUS server to send a group back to the ASA to which the user has to be assigned to.

You can specify on the IETF RADIUS class OU=grouppolicy; This attribute will assign the user to a policy which can be tied to a group.

Rate this post, if it helps you out.

Cheers

Gilbert

New Member

Re: ASA 5540 and Radius

Thanks for your thoughts. That gives me a place to start. Have a good weekend. David

197
Views
3
Helpful
2
Replies
CreatePlease login to create content