Setting ascend radius parameters for a user – Cisco 3.3 User Manual
Page 289
7-43
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Chapter 7 User Management
Advanced User Authentication Settings
Setting Ascend RADIUS Parameters for a User
The Ascend RADIUS parameters appear only if all the following are true:
•
A AAA client is configured to use RADIUS (Ascend) in Network
Configuration.
•
The Per-user TACACS+/RADIUS Attributes check box is selected under
Advanced Options in the Interface Configuration section.
•
User-level RADIUS (Ascend) attributes you want to apply are enabled under
RADIUS (Ascend) in the Interface Configuration section.
Ascend RADIUS represents only the Ascend proprietary attributes. You must
configure both the IETF RADIUS and Ascend RADIUS attributes. Proprietary
attributes override IETF attributes.
The default attribute setting displayed for RADIUS is
Ascend-Remote-Addr
.
Note
To hide or display Ascend RADIUS attributes, see
Setting Protocol Configuration
Options for Non-IETF RADIUS Attributes, page 3-17
. A VSA applied as an
authorization to a particular user persists, even when you remove or replace the
associated AAA client; however, if you have no AAA clients of this (vendor) type
configured, the VSA settings do not appear in the user configuration interface.
To configure and enable Ascend RADIUS attributes to be applied as an
authorization for the current user, follow these steps:
Step 1
Perform Step 1 through Step 3 of
Adding a Basic User Account, page 7-4
The User Setup Edit page opens. The username being added or edited is at the top
of the page.
Step 2
Before configuring Ascend RADIUS attributes, be sure your IETF RADIUS
attributes are configured properly. For more information about setting IETF
RADIUS attributes, see
Setting IETF RADIUS Parameters for a User, page 7-38
.
Step 3
In the Ascend RADIUS Attributes table, to specify the attributes that should be
authorized for the user, follow these steps:
a.
Select the check box next to the particular attribute.
b.
Further define the authorization for that attribute in the box next to it.
c.
Continue to select and define attributes, as applicable.