Cisco Support Community

VPN concentrator to pass user group information to IAS server?

All,

Get the feeling the answer will be no, but we have replaced our MS RAS server with a VPN concentrator 3030 using an IAS server to do the authentication on a Win2k3 domain. The issue we are having is that some people are sharing the pcf files with people from other groups. As the IAS just validates the user password, and checks they are in a VPN allowed group which is then allowing them more access than they should, is there any way for the concentrator to pass the group information to an IAS server to be checked as well? If not, does anyone know of a way to check people's ID using the remote access VPN are in the correct group that they are connecting with?

Sorry, I think I've made the above as clear as mud!

Accepted Solutions

Re: VPN concentrator to pass user group information to IAS serve

Don't know about your question, but you can cause the IAS server to assign a group to a user by adding the class attribute to a specific IAS security policy. Add class = OU=groupname; (don't omit the semicolon) to the RADIUS attributes for the IAS policy against which a user will auth, and this will be passed back to the 3030, which will assign them to the appropriate group.

Hope this helps.
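
An added illustration, not part of the original post and not Cisco or Microsoft code: the Class value described in the reply is carried in the RADIUS Access-Accept as attribute type 25 (RFC 2865). The sketch below decodes the attribute section and compares the IAS-assigned group with the group a client connected with. The function names, the sample bytes and the strict semicolon check are assumptions made for the example.

```python
import struct

CLASS = 25  # RADIUS attribute type 25 (Class), RFC 2865

def encode_attr(attr_type: int, value: bytes) -> bytes:
    """One RADIUS attribute: 1-byte type, 1-byte length (header included), value."""
    if not 1 <= len(value) <= 253:
        raise ValueError("attribute value must be 1..253 bytes")
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def decode_attrs(blob: bytes):
    """Yield (type, value) pairs from the attribute section of a RADIUS packet."""
    pos = 0
    while pos < len(blob):
        if pos + 2 > len(blob):
            raise ValueError("truncated attribute header")
        attr_type, length = blob[pos], blob[pos + 1]
        if length < 2 or pos + length > len(blob):
            raise ValueError("bad attribute length")
        yield attr_type, blob[pos + 2:pos + length]
        pos += length

def group_from_class(blob: bytes):
    """Return the group named in a Class value shaped 'OU=groupname;', else None."""
    for attr_type, value in decode_attrs(blob):
        if attr_type != CLASS:
            continue
        text = value.decode("ascii", errors="replace")
        # Assumption: the trailing semicolon is mandatory, as the reply warns.
        if text.upper().startswith("OU=") and text.endswith(";") and len(text) > 4:
            return text[3:-1]
    return None

def audit(tunnel_group: str, accept_attrs: bytes) -> str:
    """Compare the group the client connected with to the IAS-assigned group."""
    assigned = group_from_class(accept_attrs)
    if assigned is None:
        return "no-group-assigned"
    return "ok" if assigned == tunnel_group else "mismatch"

# Constructed sample: Reply-Message (type 18) followed by Class (type 25).
SAMPLE = encode_attr(18, b"welcome") + encode_attr(CLASS, b"OU=Engineering;")

if __name__ == "__main__":
    print(group_from_class(SAMPLE), audit("Sales", SAMPLE))
```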
