03-04-2016 12:39 AM - edited 03-10-2019 11:32 PM
Hello,
maybe someone can help me with this:
I would like to assign a dacl from an attribute I get from the AD user object that is being authorized.
So for example, I configure "ACL-test" in ISE, the same name is assigned to an AD user.
Now I want to assign this ACL in an Authorization Profile with the value I get from the AD attribute.
Under Authorization Profiles, I cannot assign an AD attribute du the "DACL Name" in Common Tasks.
Does anyone have an idea how to do this with ISE 2.0?
Thanks,
Joerg
Solved! Go to Solution.
03-04-2016 08:59 AM
I doubt you can do that, you would have to use the AD attribute as a condition in the authz rules, and then match that with an authorization profile, that then contains your DACL setting. This of course means you will need one rule per different DACL you wan't to use.
03-04-2016 08:59 AM
I doubt you can do that, you would have to use the AD attribute as a condition in the authz rules, and then match that with an authorization profile, that then contains your DACL setting. This of course means you will need one rule per different DACL you wan't to use.
03-07-2016 04:59 AM
That was also my guess, I hoped there will be some way around this.
For now, I will configure the ACLs on the ASA and assign them via Radius:Filter-ID = "AD-Attribute of choice" in the authorization profile.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide