12-25-2012 09:22 AM - edited 03-10-2019 07:55 PM
Hi People,
I have integrated ACS 5.3 with AD.
Now my next goal is to integrate ACS with RSA in such a way that all my Cisco devices use the username and password from AD.
The enable privilege level should come from the RSA token OTP.
Is it possible to do such a thing with ACS 5.3?
If so, how could I do it?
Thanks,
Manoj
12-26-2012 03:21 PM
I think that you can try and make a rule in the identity policy based on the Service attribute in the TACACS+ dictionary
(this is not tested and based on my recollection so would need your verification)
1) Create a custom condition for the service attribute in TACACS+ dictionary
Policy Elements > Session Conditions > Custom
Create: Dictionary: TACACS+; Attribute: Service
2) Utilize in a rule in Device Admin identity policy
Access Policies > Access Services > Default Device Admin > Identity
Select a rule based
Customize based on condition in 1
Create a rule for when Service is "Enable". Select identity source as RSA in this case
01-09-2013 03:05 AM
Hi,
Thanks for the input.
I see that I don't need to create a custom attribute anymore because it's already available in the TACACS+ dictionary.
What i did to have this working was
Access Policies>Access Services>Default Device Admin>Identity.
Selected a new rule.
Customized it to have a compound condition.
Under Dictionary> Tacacs+>Service Enumeration>Enable
Select the identity source as RSA and we are good to go.
Thanks
01-09-2013 03:55 AM
Glad it helped.
You won't need a custom condition if it is being used in a compound condition.
A custom condition allows you to select this as one of the columns in the rule table.
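What the Service = Enable condition keys on at the protocol level, as an added example that is not part of the thread and not ACS code: it assumes the Service attribute corresponds to the `authen_service` field of the TACACS+ authentication START packet (RFC 8907), which sits in the body obfuscated with the shared secret. The packet builder, the user name `netadmin`, the secret and `select_identity_source` are constructed for illustration.

```python
import hashlib
import struct

# authen_service values (RFC 8907, section 5.1); only the two the thread uses
SVC_NAMES = {0x01: "Login", 0x02: "Enable"}
UNENCRYPTED_FLAG = 0x01

def crypt_body(header: bytes, body: bytes, key: bytes) -> bytes:
    """XOR the body with the chained-MD5 pad (RFC 8907, section 4.5).
    The same call obfuscates and de-obfuscates."""
    if header[3] & UNENCRYPTED_FLAG:
        return body
    # pad seed: session_id, shared secret, version, seq_no
    seed = header[4:8] + key + header[0:1] + header[2:3]
    pad, block = b"", b""
    while len(pad) < len(body):
        block = hashlib.md5(seed + block).digest()
        pad += block
    return bytes(a ^ b for a, b in zip(body, pad))

def build_authen_start(user: bytes, service: int, key: bytes, session_id: bytes) -> bytes:
    """Constructed sample packet: action=LOGIN, authen_type=ASCII, port 'tty0'."""
    priv = 15 if service == 0x02 else 1
    body = bytes([0x01, priv, 0x01, service, len(user), 4, 0, 0]) + user + b"tty0"
    header = struct.pack("!BBBB4sI", 0xC0, 0x01, 1, 0x00, session_id, len(body))
    return header + crypt_body(header, body, key)

def parse_authen_start(packet: bytes, key: bytes) -> dict:
    header, body = packet[:12], packet[12:]
    _ver, ptype, seq_no, _flags, _sid, length = struct.unpack("!BBBB4sI", header)
    if ptype != 0x01 or seq_no != 1 or length != len(body) or length < 8:
        raise ValueError("not a well-formed authentication START")
    body = crypt_body(header, body, key)
    _action, priv, _atype, service, ulen, plen, rlen, dlen = body[:8]
    if 8 + ulen + plen + rlen + dlen != len(body):
        raise ValueError("length fields do not match body (wrong shared secret?)")
    return {"user": body[8:8 + ulen].decode(), "priv_lvl": priv,
            "service": SVC_NAMES.get(service, hex(service))}

def select_identity_source(request: dict) -> str:
    """Hypothetical model of the thread's rule: Service = Enable -> RSA, else AD."""
    return "RSA" if request["service"] == "Enable" else "AD"

if __name__ == "__main__":
    key = b"constructed-secret"
    for svc in (0x01, 0x02):
        pkt = build_authen_start(b"netadmin", svc, key, b"\x00\x00\x30\x39")
        req = parse_authen_start(pkt, key)
        print(req, "->", select_identity_source(req))
```

A request that fails the length check after de-obfuscation usually means the device and the server disagree on the shared secret, which is worth ruling out before debugging the identity rule itself.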