|reply to addp009 |
Re: IOS and Active Directory integration using Radius
I have never been able to successfully do that on a router.
On the ASAs, however, you can use something called DAP (dynamic access policies) to match a group attribute returned by the AAA server. In that case, you would use AD (don't need RADIUS) to match a user's global/universal group membership in a domain. So you would just create a group called something like VPN_USER and join the users to it in AD. Then on the ASA you would match that group attribute and only permit users to log in that authenticated and the domain controller replied with them being a member of that group.
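
The setup described in the reply above, sketched as an ASA configuration fragment. This is an added example, not part of the original post: the server tag `AD_LDAP`, the tunnel group `RA_VPN`, the record name `VPN_USER_ALLOWED`, the address and the DNs are all constructed placeholders.

```cisco
! Constructed example: names, address and DNs are placeholders.
! AD is queried directly over LDAP, so no RADIUS server is involved.
aaa-server AD_LDAP protocol ldap
aaa-server AD_LDAP (inside) host 192.0.2.10
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,OU=Service Accounts,DC=example,DC=com
 ldap-login-password <bind-password>
 ! Protect the bind password and user credentials on the wire.
 ldap-over-ssl enable
 server-type microsoft
!
tunnel-group RA_VPN type remote-access
tunnel-group RA_VPN general-attributes
 authentication-server-group AD_LDAP
!
! Default DAP record: a session that matches no other record is dropped,
! so a valid AD password alone is not enough to log in.
dynamic-access-policy-record DfltAccessPolicy
 action terminate
!
! Record for members of the VPN_USER group. Its selection criterion
! (AAA attribute: LDAP memberOf = VPN_USER) is set in ASDM and stored
! in dap.xml on flash, so it does not appear in the running config.
dynamic-access-policy-record VPN_USER_ALLOWED
 priority 10
```

With the default record set to terminate, the group check fails closed: a user removed from VPN_USER in AD loses VPN access at the next login without any change on the ASA.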