Cisco Cisco Firepower Management Center 4000
48-38
FireSIGHT System User Guide
Chapter 48 Managing Users
Managing Authentication Objects
You can use an attribute-value pair to identify users who should receive a particular user role. If the
attribute you use is a custom attribute, you must define the custom attribute.
attribute you use is a custom attribute, you must define the custom attribute.
The following figure illustrates the role configuration and custom attribute definition in a sample
RADIUS login authentication object for the same FreeRADIUS server as in the previous example.
RADIUS login authentication object for the same FreeRADIUS server as in the previous example.
In this example, however, the
MS-RAS-Version
custom attribute is returned for one or more of the users
because a Microsoft remote access server is in use. Note the
MS-RAS-Version
custom attribute is a string.
In this example, all users logging in to RADIUS through a Microsoft v. 5.00 remote access server should
receive the Security Analyst (Read Only) role, so you type the attribute-value pair of
receive the Security Analyst (Read Only) role, so you type the attribute-value pair of
MS-RAS-Version=MSRASV5.00
in the
Security Analyst (Read Only)
field.