
feature "Proxy Distribution Table" in ACS 5.2?

edvznadm
Level 1

Hello!

Is it possible to have something similar to the ACS 4.2 proxy distribution table in ACS 5.2?

I need to authenticate my users with ACS against AD and let guests authenticate against external radius proxies.

In 4.2 I manage this with the proxy distribution table: the suffix @ourdomain points to my ACS and the rest goes to 2 proxy radius servers.

In 5.2 I can define a Service Selection Policy with Service Type "RADIUS Proxy" but I can't define a rule to test against a realm or username and based on this result authenticate locally or send it to the proxy radius servers.

Any idea how this can be done in 5.2?

Thanks,

Wolfgang

1 Accepted Solution


jrabinow
Level 7

I think this can be done as follows, driven off the user-name in the RADIUS request:

1) Create definition of proxy RADIUS servers: Network Resources > External RADIUS Servers

2) Create proxy service: Access Policies > Access Services > Create:

User Selected Service Type should be "RADIUS Proxy" and select RADIUS server from option 1)

3) Create Custom conditions for user name attribute: Policy Elements > Session Conditions > Custom

Dictionary should be "RADIUS-IETF"

Attribute should be "User-Name"

4) Modify service selection policy.

Go to: Access Policies > Access Services > Service Selection Rules

Press "Customize" and select "User-Name" condition that was created in step 3). Press OK

Now add a rule to check the user name and forward to the necessary proxy server

For example condition: "if User-Name ends-with @ourdomain "

                    result:  Proxy service created in step 2)
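
As an added example (not part of the original post and not ACS code), the sketch below models the question's scenario, where names ending in @ourdomain stay local and everything else goes to the proxy service, and audits candidate rule values against sample User-Names. It assumes first-match rule order with a default rule and a literal, case-sensitive ends-with comparison; the service names and sample user names are constructed.

```python
# Added illustration, not ACS code: models a first-match service selection
# policy on the RADIUS User-Name. Service names and user names are constructed.
LOCAL_AD = "local-ad"          # hypothetical: authenticate against AD locally
GUEST_PROXY = "guest-proxy"    # hypothetical: RADIUS Proxy service from step 2


def select_service(user_name, rules, default):
    """Return the service of the first rule whose suffix matches (ends-with)."""
    for suffix, service in rules:
        if user_name.endswith(suffix):   # assumption: literal, case-sensitive
            return service
    return default


def audit_rules(rules, default, expectations):
    """Return (user_name, expected, actual) for every sample routed wrongly."""
    misrouted = []
    for user_name, expected in expectations:
        actual = select_service(user_name, rules, default)
        if actual != expected:
            misrouted.append((user_name, expected, actual))
    return misrouted


# Constructed samples: what the thread's scenario expects for each User-Name.
EXPECTATIONS = [
    ("alice@ourdomain", LOCAL_AD),
    ("guest1@partner.example", GUEST_PROXY),
    ("bob@notourdomain", GUEST_PROXY),   # different realm sharing the suffix text
    ("carol", GUEST_PROXY),              # no realm: falls to the default rule
]

# Rule value typed with the leading '@' and no stray whitespace.
GOOD_RULES = [("@ourdomain", LOCAL_AD)]
# Same rule without '@': also captures any realm that merely ends in the text.
NO_AT_RULES = [("ourdomain", LOCAL_AD)]
# Same rule with a trailing space in the value: never matches.
TRAILING_SPACE_RULES = [("@ourdomain ", LOCAL_AD)]

if __name__ == "__main__":
    for label, rules in [("good", GOOD_RULES), ("no-@", NO_AT_RULES),
                         ("trailing-space", TRAILING_SPACE_RULES)]:
        print(label, audit_rules(rules, GUEST_PROXY, EXPECTATIONS))
```

An empty list from `audit_rules` means every sample reached the intended service; any entry is a request that would be authenticated by the wrong server.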


2 Replies


Bingo!

This was the missing link. I was too much fixed on AD and haven't taken a look at all the RADIUS attributes...

Thank you very much for the advice!