I have configured a Cisco ASA appliance, with IAS/Radius authentication, and can successfully login and browse the network, plus see the URL and FileShare list as defined in the policy group in the ASA.
All seems to work fine - except:
the webserver (setup for windows authenticated integration) state that the user does not have permission to view the web pages, although it works fine on a webserver with anonymous login access.
The files server file shares also return a msg, something like 'do not have sufficient permission to view these files'.
Seems pretty obvious, the permission for that user is not sufficient.
However, the user is in all the correct groups in the AD, seems to have all the correct settings.
So how does permission/authorization work with WebVPN then? Is there something that needs to be added (e.g. an attribute) in the IAS radius server?
Someone must know how this stuff works under the hood somewhere.
All seems to work fine - except:
the webserver (setup for windows authenticated integration) state that the user does not have permission to view the web pages, although it works fine on a webserver with anonymous login access.
The files server file shares also return a msg, something like 'do not have sufficient permission to view these files'.
Seems pretty obvious, the permission for that user is not sufficient.
However, the user is in all the correct groups in the AD, seems to have all the correct settings.
So how does permission/authorization work with WebVPN then? Is there something that needs to be added (e.g. an attribute) in the IAS radius server?
Someone must know how this stuff works under the hood somewhere.