03-27-2018 12:24 AM - edited 02-21-2020 07:33 AM
The Cisco ASA is configured with the commands below and integrated with Active Directory NPS.
aaa-server Radius protocol radius
aaa-server Radius (MGT) host 1.1.1.1
 key 12345678
 authentication-port 1812
 accounting-port 1813
!
!
aaa authentication http console Radius LOCAL
aaa authentication enable console Radius LOCAL
aaa authentication ssh console Radius LOCAL
aaa authorization exec authentication-server
My main goal is to have two privileges, Read-Write and Read-only, so I configured on AD NPS:
In the Configure Settings screen, in the Vendor Specific section, add the Cisco-AV-Pair parameter with value:
Should it work?
03-27-2018 01:02 AM
The config seems correct. A long time ago the ASA did not support the exec authorization features, but now that can be activated using aaa authorization exec authentication-server (the command you already have).
Did you apply the config, and are you having problems?
03-27-2018 01:04 AM
I am about to, but I didn't test it, so I am asking about configuration validity and whether someone has done it before.