Yes, I have seen that documentation, and tried the format as listed there.

Unfortunately it didn't work.

Cheers.

Also, I should add that I am trying to get it working with a standalone RADIUS server, not the Cisco product shown in the document above.

the cisco doc give the guideline for HSE been authenticated in TACACS+ /Radius. But not for the CSS/CSM. One thing maybe helpful is adding the CSS/CSM devices to ACS server.

Let me know if this guide solves the issue for you. If not please let me know where we are missing (noting the other comment about adding device to the RADIUS as well for it's own authentication tasks). u

http://www.cisco.com/en/US/products/sw/cscowork/ps150/prod_connection_guide09186a00802b2bae.html

Cheers,

David K.

Thanks for the replies guys.

The guide linked by dkirsch seems to be the same document that was linked earlier.

I am using the Radiator RADIUS server, not ACS or CiscoWorks.

The authentication part works, and the RADIUS server sends back a Radius-Accept to the HSE, it seems to be that the cisco-avpair that I am sending back is wrong, and the HSE doesn't know what to do with it.

I've tried sending back "HSE:groups=HSEAdmin" in the response, and several variations, but the HSE doesn't like it.

It would be great if I could work out what the HSE expects in the reply so I can make RADIUS tell the HSE what group a user belongs to.

Cheers.