Chapter 7 Setting Up and Managing User Accounts
Advanced User Authentication Settings
7-44
User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
Note
To hide or display Cisco VPN 3000 Concentrator RADIUS attributes, see
Setting
Protocol Configuration Options for Non-IETF RADIUS Attributes, page 3-16
. A
VSA applied as an authorization to a particular user persists, even when you
remove or replace the associated AAA client; however, if you have no AAA
clients of this (vendor) type configured, the VSA settings do not appear in the user
configuration interface.
To configure and enable Cisco VPN 3000 Concentrator RADIUS attributes to be
applied as an authorization for the current user, follow these steps:
Step 1
Perform Step 1 through Step 3 of
Adding a Basic User Account, page 7-5
.
Result: The User Setup Edit page opens. The username being added or edited is
at the top of the page.
Step 2
Before configuring Cisco VPN 3000 Concentrator RADIUS attributes, be sure
your IETF RADIUS attributes are configured properly.
For more information about setting IETF RADIUS attributes, see
Setting IETF
RADIUS Parameters for a User, page 7-38
.
Step 3
In the Cisco VPN 3000 Concentrator Attribute table, to specify the attributes that
should be authorized for the user, follow these steps:
a.
Select the check box next to the particular attribute.
b.
Further define the authorization for that attribute in the box next to it.
c.
Continue to select and define attributes, as applicable.
For more information about attributes, see
Appendix C, “RADIUS
Attributes,”
or your AAA client documentation.
Step 4
Do one of the following:
•
If you are finished configuring the user account options, click Submit to
record the options.
•
To continue to specify the user account options, perform other procedures in
this chapter, as applicable.