need help with sending group policy attribute to ASA
rzwang at scu.edu
Thu Jul 11 23:39:27 CEST 2019
Thank you Alan and Douglas for your help! It works! I made a mistake
earlier so it didn't work then. All I need to do is to "update reply" with
correct format. Appreciate both of your help.
On Thu, Jul 11, 2019 at 1:52 PM Alan DeKok <aland at deployingradius.com>
> On Jul 11, 2019, at 10:47 PM, Rong Wang <rzwang at scu.edu> wrote:
> > Thank you! I tried to set attribute "ASA-Group-Policy" under "update
> > reply", ASA didn't take it.
> What does that mean?
> Does the ASA documentation say that it accepts that attribute in the
> Access-Accept packet?
> > I also tried to set it under "update request",
> > it also didn't work.
> Because you're updating the *input* packet.
> You can't just make random changes and hope that it magically works.
> Understanding things is the key.
> > I am able to create a group with group attribute, and
> > set Cisco AVpair for the group in raddb/mod-config/file/authorize, but I
> > never had the luck to make ASA-Group-Policy attribute work with ASA. Any
> > other thought?
> See the ASA documentation for what attributes it expects in an
> Access-Accept, and what it does with those attributes.
> Then, configure FreeRADIUS to send those attributes.
> Alan Dekok.
> List info/subscribe/unsubscribe? See
Senior Network Engineer
Address | 500 El Camino Real, Santa Clara, CA 95053
Phone | (408)551-7107
Email | rzwang at scu.edu
Website | https://www.scu.edu/is/it
More information about the Freeradius-Users