Cisco ASA Group-policy assignment

KYLE MCLERREN
Level 1

Hi,

We use a particular solution for authentication and multi-factor which is a RADIUS agent. Authentication and all those parts work fine, but unfortunately there is a limitation in the RADIUS agent we deploy that doesn't allow Active Directory group information to be passed to the ASA.

Obviously this is very limiting as I can't see any of the AD groups the user belongs to, and use something like an attribute map to assign users automatically into a group-policy. Is there any workaround or any sort of other way that I can force users into certain groups if our RADIUS agent is incapable of passing that information to our ASA?

Thank you!

1 Reply

KYLE MCLERREN
Level 1

In thinking about this, one way I could go about getting what I want would be to use subdomains and the group-url option under the tunnel-groups that would then specify the default group policy and users wouldn't have the option to change it as long as I disable the alias. So xxx.domain.com would be bound to one policy, yyy.domain.com would be bound to another, etc.

If anyone has any more thoughts, they are welcome. Otherwise I thought I'd just answer my own question.
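The group-url approach described in the reply above, sketched as ASA configuration. This is an added example, not configuration posted by the author; the names RADIUS-MFA, GP-XXX, GP-YYY, TG-XXX and TG-YYY are hypothetical, and it assumes an existing AAA server group and AnyConnect SSL remote access.

```cisco
! Added example. Hypothetical names: RADIUS-MFA (existing AAA server group),
! GP-XXX / GP-YYY (group policies), TG-XXX / TG-YYY (tunnel groups).
! Hostnames are the placeholders used in the post.
!
! One group policy per population of users.
group-policy GP-XXX internal
group-policy GP-XXX attributes
 vpn-tunnel-protocol ssl-client
group-policy GP-YYY internal
group-policy GP-YYY attributes
 vpn-tunnel-protocol ssl-client
!
! Tunnel group reached through xxx.domain.com; it pins the default group policy.
tunnel-group TG-XXX type remote-access
tunnel-group TG-XXX general-attributes
 authentication-server-group RADIUS-MFA
 default-group-policy GP-XXX
tunnel-group TG-XXX webvpn-attributes
 ! No group-alias is configured, so this tunnel group never appears in a list.
 group-url https://xxx.domain.com enable
!
! Tunnel group reached through yyy.domain.com.
tunnel-group TG-YYY type remote-access
tunnel-group TG-YYY general-attributes
 authentication-server-group RADIUS-MFA
 default-group-policy GP-YYY
tunnel-group TG-YYY webvpn-attributes
 group-url https://yyy.domain.com enable
!
! Hide the connection-profile drop-down on the login page.
webvpn
 no tunnel-group-list enable
```

The URL is chosen by the client, so with both tunnel groups pointing at the same server group, any account that RADIUS accepts receives whichever policy belongs to the URL it connects to. If the policies grant different access, the restriction on who may use each tunnel group has to be enforced by the authentication server, for example with a separate server group per tunnel group.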