
Cisco ASA integration with Radius AD NPS

Ahmed.Y.Eissa
Level 1

Cisco ASA is configured with the commands below and integrated with Active Directory NPS.

aaa-server Radius protocol radius
aaa-server Radius (MGT) host 1.1.1.1
 key 12345678
 authentication-port 1812
 accounting-port 1813
!
!
aaa authentication http console Radius LOCAL
aaa authentication enable console Radius LOCAL
aaa authentication ssh console Radius LOCAL
aaa authorization exec authentication-server

My main goal is to have two privileges, Read-Write and Read-only, so I configured the following on AD NPS:

In the Configure Settings screen, in the Vendor Specific section, add the Cisco-AV-Pair parameter with value:

  • shell:priv-lvl=15 – for Security-Admins policy which will enforce privilege level 15
  • shell:priv-lvl=1 – for Security-Support policy which will enforce privilege level 1

Should it work?

2 Replies

Bogdan Nita
VIP Alumni

The config seems correct. A long time ago the ASA did not support the exec authorization features, but now that can be activated using aaa authorization exec authentication-server (the command you already have).

Did you apply the config and are you having problems?

I am about to but didn't test it, so I am asking about configuration validity and if someone has done it before.
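
An offline pre-deployment check of the setup described in this thread, as an added example that is not part of any post: it lints the ASA AAA lines for a defined server group, a LOCAL fallback and exec authorization, and validates the Cisco-AV-Pair values given for the two NPS policies. The function names and the placeholder shared secret are assumptions; the config lines and policy values are the ones posted above.

```python
import re

# AAA lines from the thread; the shared secret is a constructed placeholder.
SAMPLE_CONFIG = """\
aaa-server Radius protocol radius
aaa-server Radius (MGT) host 1.1.1.1
 key EXAMPLE-SECRET
 authentication-port 1812
 accounting-port 1813
!
aaa authentication http console Radius LOCAL
aaa authentication enable console Radius LOCAL
aaa authentication ssh console Radius LOCAL
aaa authorization exec authentication-server
"""

# The two NPS policies named in the thread and their Cisco-AV-Pair values.
SAMPLE_POLICIES = {"Security-Admins": "shell:priv-lvl=15",
                   "Security-Support": "shell:priv-lvl=1"}


def audit_asa_aaa(config):
    """Return findings for the management AAA lines (hypothetical helper)."""
    lines = [l.strip() for l in config.splitlines() if l.strip() not in ("", "!")]
    groups = {m.group(1) for l in lines
              if (m := re.match(r"aaa-server (\S+) protocol radius$", l))}
    findings = []
    for l in lines:
        m = re.match(r"aaa authentication (\S+) console (.+)$", l)
        if not m:
            continue
        service, methods = m.group(1), m.group(2).split()
        if methods[0] != "LOCAL" and methods[0] not in groups:
            findings.append(f"{service}: server group {methods[0]!r} is not defined")
        if "LOCAL" not in methods:
            findings.append(f"{service}: no LOCAL fallback method configured")
    if not any(l.startswith("aaa authorization exec authentication-server") for l in lines):
        findings.append("aaa authorization exec authentication-server is missing")
    return findings


def parse_priv_lvl(av_pair):
    """Extract the level from 'shell:priv-lvl=N'; reject anything outside 0-15."""
    m = re.fullmatch(r"shell:priv-lvl=(\d{1,2})", av_pair.strip())
    if not m or int(m.group(1)) > 15:
        raise ValueError(f"not a valid priv-lvl AV pair: {av_pair!r}")
    return int(m.group(1))
```
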
