cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

712
Views
0
Helpful
4
Replies
Beginner

to assign static ip from active directory to dialin user

Hi everybody. I have dialin router which work and routers assign ip from his local pool. i would like to do like that User from active directory in his properties page I assign to him static ip.

What additional configuration do I need that it's work. All dialin user authentification go through radius from active directory.

thanks before

4 REPLIES 4
Highlighted
Contributor

Re: to assign static ip from active directory to dialin user

CiscoSecure ACS grants authorization based on the CiscoSecure ACS group to which the user is assigned. While the group to which a user is assigned can be determined by information from the Windows user database, it is CiscoSecure ACS that grants authorization privileges. CiscoSecure ACS grants authorization based on the CiscoSecure ACS group to which the user is assigned. While the group to which a user is assigned can be determined by information from the Windows user database, it is CiscoSecure ACS that grants authorization privileges.

To further control access by a user from within the Windows User Manager or Active Directory Users and Computers, you can configure CiscoSecure ACS to also check the setting for granting dialin permission to user. If this feature is disabled for the user, access is denied, even if the username and password are typed correctly

Frequent Contributor

Re: to assign static ip from active directory to dialin user

Hello,

 

I could not find another related thread about this.

I need to "read" the Dial-In STATIC IP Address Attribute from AD username using Aruba ClearPass 6.7.

If anyone managed to do it, please share the CPPM config details.

 

Thanks,

Florin.

VIP Advisor RJI VIP Advisor
VIP Advisor

Re: to assign static ip from active directory to dialin user

Hi @Florin Barhala 

 

I don't know about the Clearpass configuration, but you'll need to use the msRADIUSFramedIPAddress attribute and return that as part of authorization. This example covers what you want, it's for ISE not Clearpass, but should hopefully point you in the right direction.

 

HTH

Frequent Contributor

Re: to assign static ip from active directory to dialin user

Thank you very much, RJI!
I did figured it out in the meantime; full story can be read and hopefully used by others here: https://community.arubanetworks.com/t5/Security/Cisco-ASA-VPN-Returning-IETF-Framed-IP-Address/td-p/219119/page/2