05-23-2007 06:52 AM - edited 02-21-2020 01:31 AM
Here is what I am trying to accomplish using an ASA 5540/Steel-Belted Radius/Active Directory. When a user connects via SSL they are able to select a group from the drop-down list on the login page.
Unfortunately as long as they have a valid active directory account they can log in to any group that is available.
Is it possible to set up Radius/Active Directory to pass a group back to the ASA based on the username? In other words, the ASA is given the group that individual belongs to by the Radius box as opposed to allowing the individual to select which group to login under.
Hope this makes sense. Any help is appreciated. David
05-25-2007 12:24 PM
David,
You can assign the RADIUS server to send a group back to the ASA to which the user has to be assigned to.
You can specify on the IETF RADIUS class OU=grouppolicy; This attribute will assign the user to a policy which can be tied to a group.
Rate this post, if it helps you out.
Cheers
Gilbert
05-25-2007 12:32 PM
Thanks for your thoughts. That gives me a place to start. Have a good weekend. David
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide