Questions tagged [aaa]

17 questions
5 votes, 1 answer

How can I configure an ASA such that I can use a sub-privilege 15 user to download the current config from http?

I am setting up our new ASAs at Stack Exchange and am trying to follow some best practices like using configuration management and minimum-permissions-necessary users. What I'm trying to do is utilize the https server to download the running…
Peter Grace
4 votes, 1 answer

Cisco ASA LDAP Group Privilege Level

We have a pair of ASA 5510s (8.4.3) on which we use LDAP authentication for VPN and SSH access. On all of our Catalyst switches, which use RADIUS, we're able to set the shell:priv-lvl to 15 in the RADIUS config (2008R2 NPS). However, the best I…
bab
2 votes, 2 answers

How do I use a domain account to connect to a MSSQL server for NPS accounting?

I'm trying to connect a Server 2008 R2 NPS to a MSSQL server for logging accounting data and I'm running into issues. I configured NPS Accounting through the "Configure Accounting" wizard and, using Windows integrated security, I was able to connect…
red888
1 vote, 1 answer

Unknown users logged into Cisco router

Good day! I logged into a Cisco management router located in our company network and issued the show users command and it gave the following output. The 3rd line vty 4 is me. I am concerned about the 2 other entries because I am 100% sure no one except…
ultrajohn
1 vote, 1 answer

TACACS+ configuration: how to receive priv-lvl value?

I need to configure TACACS+ server to know if the given user is authenticated* and what is his priv-lvl. As a client I'm using tactest (tacacs.net) and TACACS+ Client Java Library (AXL). I tried with this: user = admin { name = “Admin User” …
1 vote, 2 answers

Radius clients with different authentication criteria

I can't seem to find a good tutorial on how to set my network policy for one of my radius clients. I'd like my radclientA with policyA to authenticate and radclientB with policyB to authenticate. It seems though that if I have a policy in place,…
normarth
1 vote, 2 answers

Can a device (WAP or switch) be configured as an 802.1x supplicant?

We are looking at implementing 802.1x on a wired/wireless network. What I am looking for is a device that can act as a supplicant and once authenticated on the network, is able to pass traffic from any downstream connected device. The point of doing…
Allan Ross
0 votes, 1 answer

Will a wifi range extender work after AAA configuration of the network?

In our campus LAN we are using WPA2 protocol and users have a common password. Presently there are several WAPs but we also need a few wifi range extenders (the range extender is TP Link TL-WA855RE) to cover the blind spots in areas we can't…
S.Chandla
0 votes, 1 answer

What will happen if I enable LDAP authentication on pfsense and LDAP server will fail?

Currently I am using local database for authentication on my pfsense. I know that Cisco's IOS has backup authentication methods for the cases when primary one fails. You can even not authenticate at all if all servers fail. I want to use AD user…
Edik Mkoyan
0 votes, 1 answer

FreeRadius Scalability with multiple NAS worldwide

Our network setup consists of 5 network access servers in 5 different locations worldwide and it is expected to expand in the coming days to 15 network access servers and more in future. Currently we use scripts for authentication but we are…
4_dev
0 votes, 1 answer

NPS Server 2012 with ASA as Radius client not working, Server 2008 Working

For some time I have been using 2008 R2 as my Radius server and I have a Cisco ASA FW that is configured as a Radius client and working OK. I have introduced another Windows 2012 DC, and also configured the same policy straight from the book for…
0 votes, 1 answer

Does "aaa accounting commands" not support radius?

When I issue this command: aaa accounting commands 15 default start-stop group myradiusgroup I get this error: %AAAA-4-SERVNOTACPLUS: The server-group "myradiusgroup" is not a tacacs+ server group. Please define "myradiusgroup" as a tacacs+ server…
red888
0 votes, 1 answer

Linux TACACS+ authorization

I'd like to know how to authorize (only allow a set of commands) users on Linux console (bash). I'm so far able to authenticate ssh users over TACACS+ but authorization is not working. This is my tac_plus.conf file, really simplified for…
0 votes, 1 answer

Citrix Netscaler 10.1 AAA Application Traffic Single Sign On

I have a Netscaler deployment with a virtual server where I have enabled authentication through the AAA Application Traffic feature. As expected, this allows my users to log on to the Netscaler login prompt once and then have SSO work for all…
Canis
0 votes, 0 answers

Radius AAA authentication failover

I know this question has been asked on here but I cannot seem to figure this out. I am trying to get radius to failover to local authentication but whenever I turn off radius it won't failover. Below is my configuration: aaa new-model aaa…
Cory