dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
4
share rss forum feed

nosx

join:2004-12-27
00000
kudos:5
reply to addp009

Re: IOS and Active Directory intergration using Radius

I have never been able to successfully do that on a router.
On the ASAs however, you can use something called DAP (dynamic access policies) to match a group attribute returned by the AAA server. In that case, you would use AD (dont need RADIUS) to match a users global/universal group membership in a domain. So you would just greate a group called something like VPN_USER and join the users to it in AD. Then on the ASA you would match that group attribute and only permit users to login that authenticated and the domain controller replied with them being a member of that group.


Angralitux

join:2004-05-20
DO
you sure can get it to work. You may get some clues on this old thread, I was looking to authenticate users connecting PPTP VPN to a router.

»[Info] anyone used MS IAS as a RADIUS for cisco devices?

is pretty much useless for what you're looking to, but you may get some ideas.
--
All Is possible...