8-61
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 8 Managing Users and Identity Stores
Managing External Identity Stores
Failover
ACS 5.3 allows you to configure multiple RADIUS identity stores. Each RADIUS identity store can
have primary and secondary RADIUS servers. When ACS is unable to connect to the primary server, it
uses the secondary server.
Password Prompt
RADIUS identity stores allow you to configure the password prompt. You can configure the password
prompt through the ACS web interface.
User Group Mapping
To provide the per-user group mapping feature available in ACS 4.x, ACS 5.3 uses the attribute retrieval
and authorization mechanism for users that are authenticated with a RADIUS identity store.
For this, you must configure the RADIUS identity store to return authentication responses that contain
the [009\001] cisco-av-pair attribute with the following value:
ACS:CiscoSecure-Group-Id=N, where N can be any ACS group number from 0 through 499 that ACS
assigns to the user.
Then, this attribute is available in the policy configuration pages of the ACS web interface while creating
authorization and group mapping rules.
Groups and Attributes Mapping
You can use the RADIUS attributes retrieved during authentication against the RADIUS identity store
in ACS policy conditions for authorization and group mapping. You can select the attributes that you
want to use in policy conditions while configuring the RADIUS identity store. These attributes are kept
in the RADIUS identity store dedicated dictionary and can be used to define policy conditions.
Note: You cannot query the RADIUS server for the requested attributes. You can only configure the RADIUS
identity store to return the requested attributes. These attributes are available in the Access-Accept
response as part of the attributes list.
You can use the attribute subscription feature of ACS 5.3 to include RADIUS identity store attributes
in the ACS response to the device. The following RADIUS attributes are returned:
• Attributes that are listed in the RADIUS RFCs
• Vendor-specific attributes
The following attribute types are supported:
• String
• Unsigned Integer
• IPv4 Address
• Enumeration
If an attribute with multiple values is returned, the value is ignored, and if a default value has been
configured, that value is returned. However, this attribute is reported in the customer log as a problematic
attribute.
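The following is an added example, not Cisco's code, showing how a policy engine along the lines described under User Group Mapping and the multi-value rule above could consume an Access-Accept attribute list: it extracts the ACS group number from the cisco-av-pair value, rejects anything outside 0 through 499, and for subscribed attributes ignores multi-valued responses in favour of the configured default while recording the attribute as problematic. The (name, value) tuple representation, the "cisco-av-pair" name for the [009\001] VSA, the sample attributes and the `defaults` dictionary are assumptions for illustration.

```python
# Added example (not Cisco's code): how an ACS-style policy engine could
# consume the Access-Accept attribute list described above.  Assumptions:
# attributes arrive as (name, value) tuples, the [009\001] VSA is named
# "cisco-av-pair", and `defaults` holds the per-attribute default that was
# configured in the RADIUS identity store.
import re

GROUP_ID_RE = re.compile(r"^ACS:CiscoSecure-Group-Id=(\d+)$")
MAX_GROUP_ID = 499  # ACS group numbers run from 0 through 499

# Constructed Access-Accept attribute list, for illustration only.
SAMPLE_ACCEPT = [
    ("cisco-av-pair", "ACS:CiscoSecure-Group-Id=42"),
    ("Framed-IP-Address", "10.0.0.5"),
    ("Class", "engineering"),
    ("Class", "contractors"),  # multi-valued: ignored, default used instead
]
DEFAULTS = {"Class": "default-class"}


def group_id_from_av_pairs(attrs):
    """Return the ACS group number from cisco-av-pair, or None.
    Exactly one well-formed, in-range Group-Id is required; a missing,
    malformed, out-of-range or multi-valued pair maps the user to no group."""
    ids = []
    for name, value in attrs:
        if name == "cisco-av-pair":
            m = GROUP_ID_RE.match(value.strip())
            if m:
                ids.append(int(m.group(1)))
    if len(ids) != 1:
        return None
    return ids[0] if 0 <= ids[0] <= MAX_GROUP_ID else None


def resolve_attribute(attrs, name, defaults, problems):
    """Apply the multi-value rule to one subscribed attribute: one value is
    used as-is; several values are all ignored, the configured default (or
    None) is returned and the name is appended to `problems`, which stands
    in for the customer-log entry."""
    values = [v for n, v in attrs if n == name]
    if len(values) == 1:
        return values[0]
    if len(values) > 1:
        problems.append(name)
    return defaults.get(name)
```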