Version 3 (Luke Murphey, 08/12/2012 06:26 AM) → Version 4/10 (Luke Murphey, 08/12/2012 06:40 AM)

h1. Configuring Roles

By default, successfully authenticated users are assigned the "user" role. However, this can be overridden by creating a vendor-specific attribute. The attribute's value should be a string containing a colon- or comma-separated list of roles (like "admin:can_delete"). Then re-run setup on the RADIUS auth app and configure the app to use the vendor code and vendor attribute ID you defined.

Below are instructions for configuring IAS:

h2. Open the IAS MMC Snap-In

Start "mmc".

!Open_mmc_snap_in.png!

h2. Open the Remote Access Policy

Select "Remote Access Policies" and open the appropriate policy. Then press the "Edit Profile" button and click the "Advanced" tab.

!Select_policy.png!

h2. Create a New Attribute

Press the "Add" button and create a new attribute with a name of "Vendor-Specific" and a vendor of "RADIUS Standard".

!Select_attribute.png!

Press "Add" under the list of attribute values. Set the vendor code to 27389 and click the radio button for "Yes. It conforms".

!Set_vendor_code.png!

Click "Configure Attribute" to edit the value. Set the "Vendor assigned attribute number" to 0.
Select a format of string and set the value to a colon-separated list of roles.

!Edit_attribute.png!

The created attribute should look something like this:

!List_attributes.png!
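To check what the configured attribute carries on the wire, the following added example (not code from the RADIUS auth app) parses the attribute section of an Access-Accept using the RFC 2865 Vendor-Specific layout that "Yes. It conforms" selects, and extracts the role list. The function names and the sample bytes are constructed for illustration; the vendor code 27389 and attribute number 0 are the values used above.

```python
import struct

VENDOR_SPECIFIC = 26      # RADIUS attribute type for Vendor-Specific (RFC 2865)
DEFAULT_ROLES = ["user"]  # role assigned when no role attribute is present

def build_vsa(vendor_code, vendor_type, value):
    """Encode one RFC-conformant Vendor-Specific attribute (used to build sample input)."""
    sub = struct.pack("!BB", vendor_type, len(value) + 2) + value
    return struct.pack("!BBI", VENDOR_SPECIFIC, len(sub) + 6, vendor_code) + sub

def roles_from_attributes(attrs, vendor_code, vendor_type):
    """Return the roles found in the attribute bytes, or the default role."""
    pos = 0
    while pos + 2 <= len(attrs):
        a_type, a_len = attrs[pos], attrs[pos + 1]
        if a_len < 2 or pos + a_len > len(attrs):
            raise ValueError("malformed attribute length")  # reject, never guess roles
        body = attrs[pos + 2:pos + a_len]
        pos += a_len
        if a_type != VENDOR_SPECIFIC or len(body) < 4:
            continue
        if struct.unpack("!I", body[:4])[0] != vendor_code:
            continue  # another vendor's attribute
        sub, i = body[4:], 0
        while i + 2 <= len(sub):  # walk vendor type / vendor length / data
            s_type, s_len = sub[i], sub[i + 1]
            if s_len < 2 or i + s_len > len(sub):
                raise ValueError("malformed sub-attribute length")
            if s_type == vendor_type:
                text = sub[i + 2:i + s_len].decode("utf-8", "replace")
                # Accept both separators the page allows: colon or comma.
                roles = [r.strip() for r in text.replace(",", ":").split(":") if r.strip()]
                return roles or list(DEFAULT_ROLES)
            i += s_len
    return list(DEFAULT_ROLES)

# Constructed sample: a Reply-Message (type 18) followed by the role attribute.
SAMPLE = bytes([18, 4]) + b"ok" + build_vsa(27389, 0, b"admin:can_delete")

if __name__ == "__main__":
    print(roles_from_attributes(SAMPLE, 27389, 0))
```

A vendor code or attribute number that does not match what the server sends leaves the user with only the default role, which is the first thing to check when role assignment appears to be ignored.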