Radius Authentication

Status
Not open for further replies.

boymarty24

Technical User
Aug 21, 2003
362
SE
Hi Guys,

I have a working RADIUS/IAS solution but I want to tune things up.

Is it possible to have the ASA check the users in one certain OU on the Windows machine and ignore the rest?

Marty
 
I haven't tried this but...
You should be able to apply remote dial-in connection group policy to an OU and then have the default set to off for the rest of the domain. It will still find the user account in any OU but will apply the overriding GP from that specific OU and allow those users only.


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
It was an AD question really. I wanted the users created in the OU to have only one membership (when the user was created).

It's a done deal now.
 
What did you wind up doing? Just curious. :)

Brent
Systems Engineer / Consultant
CCNP, CCSP
 
It appears that you have located a solution; however, the ASA can map to any LDAP field as long as the mapping is provided in the config.

For example:
hostname(config)# ldap attribute-map att_map_1
hostname(config-ldap-attribute-map)# map-name department cVPN3000-IETF-Radius-Class
hostname(config-ldap-attribute-map)# map-value department Engineering group1
hostname(config-ldap-attribute-map)#

IT Security news and information
In plain English
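
An added configuration sketch, not part of the original thread, showing where the attribute map from the post above gets attached and how the LDAP search can be confined to a single OU so accounts elsewhere in the directory are never matched. The server tag LDAP_AD, the addresses, the DNs, the NOACCESS policy and the tunnel-group name are assumptions; the bind password is a placeholder.

```cisco
! Attribute map from the post above: AD "department" selects the group policy
ldap attribute-map att_map_1
 map-name department cVPN3000-IETF-Radius-Class
 map-value department Engineering group1
!
! LDAP server definition (assumed names and addresses).
! ldap-base-dn points at the one OU that holds the VPN users, so the
! search never returns accounts that live in other OUs.
aaa-server LDAP_AD protocol ldap
aaa-server LDAP_AD (inside) host 192.0.2.10
 server-type microsoft
 ldap-base-dn OU=VPNUsers,DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,OU=Service,DC=example,DC=com
 ldap-login-password <BIND-PASSWORD-PLACEHOLDER>
 ldap-attribute-map att_map_1
!
! Default policy that permits no sessions: a user who authenticates but
! matches no map-value falls through to this policy and is refused.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
!
! Policy named by the map-value above
group-policy group1 internal
group-policy group1 attributes
 vpn-simultaneous-logins 3
!
! Connection profile (assumed name) that uses the LDAP server and
! starts every user on the deny policy
tunnel-group VPN_TG general-attributes
 authentication-server-group LDAP_AD
 default-group-policy NOACCESS
```

Running `debug ldap 255` during a test login shows the base DN searched and which attributes were mapped, which confirms that only users in the intended OU are found.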
 