Cisco Support Community
New Member

Different policies for different AD Groups

I have an S650 version 5.5.2-030 for Web, and my network is a mixed Novell eDirectory / Microsoft AD. For now the global policy is set so that no authentication is required, because we don't want users who are not in AD to have to enter their credentials every time they go online.
Now I want to apply a restrictive policy for a group in AD, and what I tried to do is create a new policy (under Web Access Policy), applied to all subnets, with "Define Policy Group Members by Authentication", but the result was that everybody else got the login box when they tried to surf the internet.
Is there any way to specify different policies for different groups without requiring authentication?

New Member

Re: Different policies for different AD Groups


You cannot define which clients to authenticate based on user or group information, because in order to know the user / groups you must authenticate.

You can specify to only authenticate certain subnets or user-agents.

On a side note: I highly recommend upgrading to 5.6.2. It has vast improvements on how we handle authentication.

Also, the version you are on is very old and has many issues that have been fixed.

New Member

Re: Different policies for different AD Groups

Thank you for your reply.
Yesterday I upgraded the OS indeed.
I kinda guessed that it is not possible; in fact, to make it work, I specified the subnets for the particular policies. I still had some problems with the Macintoshes (especially the ones with OS 10.5), but I solved the problem by setting a different communication port on the clients and creating a new identity for clients that communicate on that port.
