need help with sending group policy attribute to ASA
aland at deployingradius.com
Thu Jul 11 22:51:52 CEST 2019
On Jul 11, 2019, at 10:47 PM, Rong Wang <rzwang at scu.edu> wrote:
> Thank you! I tried to set attribute "ASA-Group-Policy" under "update
> reply", ASA didn't take it.
What does that mean?
Does the ASA documentation say that it accepts that attribute in the Access-Accept packet?
> I also tried to set it under "update request",
> it also didn't work.
Because you're updating the *input* packet.
You can't just make random changes and hope that it magically works. Understanding things is the key.
> I am able to create a group with group attribute, and
> set Cisco AVpair for the group in raddb/mod-config/file/authorize, but I
> never had the luck to make ASA-Group-Policy attribute work with ASA. Any
> other thought?
See the ASA documentation for what attributes it expects in an Access-Accept, and what it does with those attributes.
Then, configure FreeRADIUS to send those attributes.
More information about the Freeradius-Users