Solved: Cisco WSA : What is RADIUS CLASS attribute ?

stephane.walker · ‎03-28-2014

Hello !

I am trying to use a radius server Cisco ISE as an external authentication server for WSA. I would like to assign roles for groups of users but i don't understand the meaning of RADIUS CLASS attribute. What am I supposed to write in this field ?

Thank you,

Stéphane Walker

Ken Stieers · ‎03-28-2014

The CLASS attribute is generic, in that you can put anything in it. So you get to decide what you use.

On your RADIUS box, for the users or group that it applies to, set it to something like "WSAAdmin" for admins, "WSARO" for read only users...

Then when you config the WSA, you set them appropriately there...

But you can really use any string you want to, they just need to match appropriately.

HTH,

Ken

View solution in original post

Ken Stieers · ‎03-28-2014

The CLASS attribute is generic, in that you can put anything in it. So you get to decide what you use.

On your RADIUS box, for the users or group that it applies to, set it to something like "WSAAdmin" for admins, "WSARO" for read only users...

Then when you config the WSA, you set them appropriately there...

But you can really use any string you want to, they just need to match appropriately.

HTH,

Ken

stephane.walker · ‎03-31-2014

Thank you Ken for your answer.

I succeeded to assign roles for groups of users and found that RADIUS CLASS field corresponds in fact to the Class[25] radius attribute. So I set an authorization profile in my radius server with a Class[25] attribute equals to the RADIUS CLASS field in WSA and it worked very well.

Stephane