Solved: Webvpn/radius - assign to group - Concentrator3005

rbrunne · ‎02-17-2010

Configuring a Cisco Concentrator3005 using IPSEC client on PC and authenticating via radius w/ group assignment is a breeze - plus I'm not configuring an individual user - and don't want to.

But I'm banging my head trying to configure Webvpn to authenticate via radius and assigning the user to a group! The user always defaults itself to the Base Group. I want to figure out a way to have the user placed into a Group.

Anyone tackle this before?

Thx.

Robert

Ivan Martinon · ‎02-18-2010

Robert,

First, you need to make sure that the Radius server is your first authentication method configured on the VPN3000, WEBVPN reads the authentication server list from top to bottom and the first one on the list is the one to be chosen, second to assign the user to a group you need to configure the class value on your radius server, this value has to be equal to the webvpn group you need to assign the user to.

View solution in original post

Ivan Martinon · ‎02-18-2010

Robert,

First, you need to make sure that the Radius server is your first authentication method configured on the VPN3000, WEBVPN reads the authentication server list from top to bottom and the first one on the list is the one to be chosen, second to assign the user to a group you need to configure the class value on your radius server, this value has to be equal to the webvpn group you need to assign the user to.

rbrunne · ‎02-18-2010

Ivan,

Thanks for the information. It was the "Class attribute" setting on the radius server that fixed my problem.