Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
580
Views
0
Helpful
3
Replies

MS IAS (radius) and authentication login

kir_mischenko
Level 1
Level 1

‎02-19-2007 12:48 AM - edited ‎03-10-2019 02:59 PM

hello

I configure my cisco devices by

aaa new model

aaa authentication login group radiussrv local

config radiussrv group all is OK

but all users authenticated by radius have access to shell. but i need to give cisco shell access only to one group in AD... other groups are used to easyvpn xauth

how to separate them?

Labels:
0 Helpful
3 Replies 3

kaachary
Cisco Employee
Cisco Employee

‎02-19-2007 03:18 AM

Hi,

The required setting needs to be done on IAS.

On IOS, there's nothin much you can do.

HTH,

Kanishka

0 Helpful

kir_mischenko
Level 1
Level 1
In response to kaachary

‎02-19-2007 03:31 AM

well i know this

can you help about it?

I have a strange situation - 2 ias policy one for admin group in AD, other for VPN users in AD... but the result is only authenticate or not... VPN users have acess to shell...

0 Helpful

daviddtran
Level 1
Level 1
In response to kir_mischenko

‎02-19-2007 03:41 AM

I am not if radius can do this but I am not an

expert with radius.

This can be done with freeware tacacs very

easily throught authorization. I've done it

many times myself.

David

CCIE Security

0 Helpful
Customers Also Viewed These Support Documents