Re: Central login for FMC

Oban3jimmy · ‎06-28-2019

Got FMC installed, looking to integrate it with a windows 2016 server for login. Got some users in a security group that I would like to be able to login to FMC with their own accounts.

what is easiest way to achieve this?

thanks

Rob Ingram · ‎06-29-2019

Hi,

You can use LDAP to integrate into Active Directory, guide here. Or RADIUS, example here

HTH

Oban3jimmy · ‎06-29-2019

Thanks, seen the config to add in FMC

is there any VSA on the radius server? For example you usually need a custom vendor code and radius strings to make it work?

thanks

Rob Ingram · ‎06-29-2019

Check out this guide and see RADIUS specific attributes

Oban3jimmy · ‎06-29-2019

Thanks for sending, much appreciated.

However im after the windows server attributes I need for Cisco FMC? I won’t be using Cisco ISE for the radius authentication... it will be a Windows 2016 server.

With my other systems; I usually have to add in vendor specific attribute ID and some unique radius values to return.

or am I missing something obvious with FMC?

thanks

Rob Ingram · ‎06-29-2019

I've not seen a guide for Windows NPS RADIUS, but you need to configured the Class-25 av-pair to send the value of Class = Administrator to the Firepower device.