Cisco 3.3 User Manual
Page 294
Chapter 7 User Management
Advanced User Authentication Settings
7-48
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
The Microsoft RADIUS attribute configurations display only if both the following
are true:
•
A AAA client is configured in Network Configuration that uses a RADIUS
protocol that supports the Microsoft RADIUS VSA.
•
The Per-user TACACS+/RADIUS Attributes check box is selected under
Advanced Options in the Interface Configuration section.
•
The user-level RADIUS (Microsoft) attributes you want to apply are enabled
under RADIUS (Microsoft) in the Interface Configuration section.
The following Cisco Secure ACS RADIUS protocols support the Microsoft
RADIUS VSA:
•
Cisco IOS
•
Cisco VPN 3000
•
Cisco VPN 5000
•
Ascend
Microsoft RADIUS represents only the Microsoft VSA. You must configure both
the IETF RADIUS and Microsoft RADIUS attributes.
Note
To hide or display Microsoft RADIUS attributes, see
Configuration Options for Non-IETF RADIUS Attributes, page 3-17
. A VSA
applied as an authorization to a particular user persists, even when you remove or
replace the associated AAA client; however, if you have no AAA clients of this
(vendor) type configured, the VSA settings do not appear in the user configuration
interface.
To configure and enable Microsoft RADIUS attributes to be applied as an
authorization for the current user, follow these steps:
Step 1
Perform Step 1 through Step 3 of
Adding a Basic User Account, page 7-4
The User Setup Edit page opens. The username being added or edited is at the top
of the page.
Step 2
Before configuring Cisco IOS RADIUS attributes, be sure your IETF RADIUS
attributes are configured properly. For more information about setting IETF
RADIUS attributes, see
Setting IETF RADIUS Parameters for a User, page 7-38
.