https://community.cisco.com/t5/network-access-control/vpn-3000-user-authentication-with-internal-database-and-active/m-p/647739#M5663 <P>Hi everyone,</P><P></P><P>I have a question about how to configure the VPN 3000 to work user authentication by using </P><P>Kerberos/Active Directory and Internal Database.</P><P></P><P>Why I ask you that question is that I have a following problem.</P><P></P><P>I have configured user authentication by using Internal Database for Group A for example.</P><P>Users of Group A have authenticated and communicated successfully.</P><P></P><P>Today I have configured user authentication by using Kerberos/Active Directory for Group B.</P><P>But at that time, Users of Group A could NOT authenticate and communicate.</P><P>(it seems VPN 3000 did not request user authentication to Internal Database)</P><P></P><P>To isolate the problem, I have deleted setting of Kerberos/Active Directory </P><P>"Configuration | System | Servers | Authentication and Delete" so that</P><P>Users of Group A can be authenticated.</P><P></P><P>So I have a question about how to configure to use both Internal Database and Kerberos/Active Directory </P><P>for user authentication for each Group, One Group uses Internal Database and another Group uses</P><P>Kerberos/Active Directory .</P><P></P><P>Your information would be appreciated.</P><P></P><P>Best regards,</P> Fri, 21 Feb 2020 18:17:22 GMT snakayama 2020-02-21T18:17:22Z https://community.cisco.com/t5/network-access-control/vpn-3000-user-authentication-with-internal-database-and-active/m-p/647739#M5663 <P>Hi everyone,</P><P></P><P>I have a question about how to configure the VPN 3000 to work user authentication by using </P><P>Kerberos/Active Directory and Internal Database.</P><P></P><P>Why I ask you that question is that I have a following problem.</P><P></P><P>I have configured user authentication by using Internal Database for Group A for example.</P><P>Users of Group A have authenticated and communicated successfully.</P><P></P><P>Today I have configured user authentication by using Kerberos/Active Directory for Group B.</P><P>But at that time, Users of Group A could NOT authenticate and communicate.</P><P>(it seems VPN 3000 did not request user authentication to Internal Database)</P><P></P><P>To isolate the problem, I have deleted setting of Kerberos/Active Directory </P><P>"Configuration | System | Servers | Authentication and Delete" so that</P><P>Users of Group A can be authenticated.</P><P></P><P>So I have a question about how to configure to use both Internal Database and Kerberos/Active Directory </P><P>for user authentication for each Group, One Group uses Internal Database and another Group uses</P><P>Kerberos/Active Directory .</P><P></P><P>Your information would be appreciated.</P><P></P><P>Best regards,</P> Fri, 21 Feb 2020 18:17:22 GMT https://community.cisco.com/t5/network-access-control/vpn-3000-user-authentication-with-internal-database-and-active/m-p/647739#M5663 snakayama 2020-02-21T18:17:22Z https://community.cisco.com/t5/network-access-control/vpn-3000-user-authentication-with-internal-database-and-active/m-p/647740#M5664 <HTML><HEAD></HEAD><BODY><P>Kerberos is a client-server based secret-key network authentication method that uses a trusted Kerberos server to verify secure access to both services and users. In Kerberos, this trusted server is called the key distribution center (KDC). The KDC issues tickets to validate users and services. A ticket is a temporary set of electronic credentials that verify the identity of a client for a particular service.</P><P>These tickets have a limited life span and can be used in place of the standard user password authentication mechanism if a service trusts the Kerberos server from which the ticket was issued. If the standard user password method is used, Kerberos encrypts user passwords into the tickets, ensuring that passwords are not sent on the network in clear text. When you use Kerberos, passwords are not stored on any machine, except for the Kerberos server, for more than a few seconds. Kerberos also guards against intruders who might pick up the encrypted tickets from the network.</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/hw/switches/ps679/products_configuration_guide_chapter09186a008007ef3d.html#xtocid153536" target="_blank">http://www.cisco.com/en/US/products/hw/switches/ps679/products_configuration_guide_chapter09186a008007ef3d.html#xtocid153536</A></P></BODY></HTML> Mon, 01 Jan 2007 16:46:23 GMT https://community.cisco.com/t5/network-access-control/vpn-3000-user-authentication-with-internal-database-and-active/m-p/647740#M5664 irisrios 2007-01-01T16:46:23Z