I can get it to authenticate. But I've read some posts on ACS 4.2 and authorization, but I don't find anything similar. I want to control down to what commands the authenticated user can run. I want the definition to come from the ACS server, or at le...
I must be stupid. I have an external LDAP server (like openldap, but it is an old Netscape one). I can't authenticate against it. I can anonymous bind against it, but that is it. I don't want groups or any attributes. I simply want to say User X pass...
We want to use EAP-TTLS and LDAP (not AD). That isn't supported. So we want to go PEAP, but the only methods are PEAP-MSCHAP or PEAP-GTC. Now the docs say PEAP-GTC supports LDAP on the identity store. So is GTC simply GTC without a token card? (simpl...
I have everything working on a new 5.2 ACS but: I can only make a command set that permits things and denies all. I thought with the check box "Permit any command that is not in the table bel...
I am new to ACS. What I want to do is talk to another RADIUS server (SafeWord) and authenticate users against it on a Linux host using pam_radius. What are the minimum steps to do this? (setup groups/policy/users) Using radtest, I can authenticate a l...
You don't need to do one or the other. The remote clause is the default if no tier is assigned. In our case, we specify the readonly cases explicitly, since it changes less frequently, and allow our admins readwrite by default via remote. That way, we do...
I gave up. The example screenshots were of 4.2 and I tried to get that to work with no luck. It would be nice to give people the correct tier from TACACS, but I have a workaround.
Well, I got something to work. I let TACACS do the authentication, I changed the remote user to be readonly/tier1. Then I have to create an account for each admin that is tier3/readwrite. Not pretty, but it works. There must be a more elegant solution...
So either it was the LDAP connection hung, or the cert was wrong. When I hit the test button, either should have spit up some relevant debug stuff (Connection could not be started) or like (SSL connection could not be initiated), but it just went out to l...
Well, I got it to work. It was either a CA cert that was wrong, or a reboot that cleared the LDAP connections. Once I tested with a simple 389 server and authenticated, I could see what is supposed to be returned and my settings were correct. I redid it wi...