ACS AAA authorization problem on ASA

hirenparekh12
Level 1

Hi All,

I have created one profile in PIX/ASA Command Authorization Sets and mapped it with a group and LDAP with my AD, but authentication is not done as per the parameters set in the command authorization in ACS.

I am using a Cisco ASA 5505 and ACS 4.2.

Regards,

1 Reply

mauzamor
Level 1

Hi there,

Authentication and Authorization are two separate things in TACACS+; before you can get to authorization, you need to successfully authenticate first. Your Command Authorization settings are not related to your authentication settings.

Once you are authenticated, the ACS will use the Command Authorization information configured in your ACS group. If you are not getting assigned the right authorization profile, it could be because you are not getting assigned into the right ACS group, which points to a Group Mapping issue. However, it will be a good idea if you can share more information with us, like the failed/passed authentication, in which group your Command Authorization set is configured, how your Group Mapping is configured, etc.
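
The flow described in the reply above, as an added example that is not part of the original thread and is not Cisco's code: a simplified Python model of authentication, then group mapping, then the command authorization set of the mapped group. The group names, set contents, first-match mapping order and default-group fallback are assumptions of this model.

```python
# Simplified model (added example): TACACS+ authentication, then ACS group
# mapping, then the command authorization set of the mapped ACS group.
# All group, set and user names below are constructed for illustration.

# Ordered mappings: (required AD groups, ACS group). First match wins (assumed).
GROUP_MAPPINGS = [
    ({"Domain Users"}, "ACS-ReadOnly"),
    ({"Domain Users", "NetAdmins"}, "ACS-FullAccess"),
]
DEFAULT_GROUP = "Default Group"  # used when no mapping matches (assumed)

# Command authorization set attached to each ACS group.
# "unmatched" is the action for commands not listed in the set.
GROUP_COMMAND_SETS = {
    "ACS-ReadOnly": {"permit": {"show", "ping"}, "unmatched": "deny"},
    "ACS-FullAccess": {"permit": set(), "unmatched": "permit"},
    "Default Group": {"permit": set(), "unmatched": "deny"},
}

def map_group(ad_groups, mappings=GROUP_MAPPINGS):
    """Return the ACS group for a user's AD group memberships."""
    for required, acs_group in mappings:
        if required <= set(ad_groups):
            return acs_group
    return DEFAULT_GROUP

def authorize(authenticated, ad_groups, command, mappings=GROUP_MAPPINGS):
    """Return (acs_group, decision) for one command typed on the ASA."""
    if not authenticated:
        # Authorization is never reached without a passed authentication.
        return (None, "auth-failed")
    group = map_group(ad_groups, mappings)
    cmd_set = GROUP_COMMAND_SETS[group]
    keyword = command.split()[0]
    decision = "permit" if keyword in cmd_set["permit"] else cmd_set["unmatched"]
    return (group, decision)

if __name__ == "__main__":
    admin = ["Domain Users", "NetAdmins"]
    # Broad mapping listed first: the admin lands in the read-only group.
    print(authorize(True, admin, "configure terminal"))
    # More specific mapping listed first: the admin gets the intended set.
    print(authorize(True, admin, "configure terminal", GROUP_MAPPINGS[::-1]))
```

In the model, the same authenticated user receives a different command set purely because of which mapping matches first, which is why the passed authentication record and the group it shows are the first things to check.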