Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
806
Views
0
Helpful
2
Replies

ACS 5.2 AD authentication restriction failure

Go to solution
ferran
Level 1
Level 1

‎08-25-2011 01:29 AM - edited ‎03-10-2019 06:20 PM

I've my ACS linked with AD to give administration access to few network devices and I've created an access policy to link my AD groups with those network devices and command sets.

Unfortunately I found I can use any user from my AD to login to my devices. Only LOGIN, the authorization definition is restricting the command set for those users.

How can I restrict the LOGIN to an specific AD group?

Thanks in advance.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Nicolas Darchis
Cisco Employee
Cisco Employee

‎08-26-2011 12:45 AM

Can you detail your policy configuration ?

Are you doing radius or tacacs ?

If you return an authorization profile "deny access" it should be good enough in radius. Not sure about tacacs though.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Nicolas Darchis
Cisco Employee
Cisco Employee

‎08-26-2011 12:45 AM

Can you detail your policy configuration ?

Are you doing radius or tacacs ?

If you return an authorization profile "deny access" it should be good enough in radius. Not sure about tacacs though.

0 Helpful

Go to solution
ferran
Level 1
Level 1
In response to Nicolas Darchis

‎08-26-2011 12:59 AM

You were right in my policy the default rule had a permit access insted of deny. I can confirm it works now and I'm using TACACS by the way.

Thanks a lot!!!!

0 Helpful
Customers Also Viewed These Support Documents