Anyone have an idea?? What I'm trying to do is to authenticate management access to an ACE 4710 against a Microsoft IAS server.

According to the document below:

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/security/guide/aaa.html#wp1519045

it sounds like I need to be able to modify user attributes similar to what I know is doable in ACS. I base my assumption on this because of the following statement in the link above:

"Step 3 Go to the User Setup section of the Cisco Secure ACS HTML interface and double-click the name of an existing user that you want to define a user profile attribute for virtualization. The User Setup page appears.

Step 4 Under the TACACS+ Settings section of the page, configure the following settings:

•Click the Shell (exec) check box.

•Click the Custom attributes check box.

•In the text box under the Custom attributes, enter the user role and associated domain for a specific context in the following format:

shell:<contextname>=<role> <domain1> <domain2>...<domainN>"

Is something like this possible in IAS??

I have the authentication piece working for the ACE however when I login, I'm assigned an ACE defined default role of 'network-monitor' which gives me only read-only access. The way I'm interpreting what needs to be done to resolve this is to have the authentication server send an attribute value that states that the user is in the role 'Admin' in which case I'll have unlimited access to my ACE.

Make sense?? Any thoughts??

Thanks in advance.

-Lloyd