
ACS 5.2 with Radius Token

firado1985
Level 1

Hi All,

I have a previous ACS 4.2 with local usernames and a RADIUS Token Server as the password.

Scenario:

- When a user SSHes to network devices, the username is checked by ACS locally, followed by the token password, in order to log in successfully.

However, in ACS 5.2 I have tried many solutions that I found in this forum and I am still not able to bring the solution back.

I need help from an expert to configure the same solution as in ACS 4.2. I am using RSA 6.1 as my token server.

Thanks

In ACS 5.2, I have configured the external database RADIUS Identity Servers and added the ACS 5.2 in the RSA 6.1. I am not able to see the connection between the ACS and the RSA server.

2 Replies

jrabinow
Level 7

ACS 5.2 can support RSA SecurID servers either as a generic RADIUS token server or more natively by defining them in:

"Users and Identity Stores > External Identity Stores > RSA SecurID Token Servers"

To define it here you need to enter the "sdconf.rec" that is generated when registering all the ACS instances as agents on the RSA Authentication Manager.

After defining it here, you can then select the RSA SecurID Token Server as the result in the identity policy.

Either way, whether using RADIUS token server or RSA SecurID, it does need to be selected as the result of the identity policy.

If you are using the default access services as defined at product installation then this can be selected at:

"Access Policies > Access Services > Default Network Access > Identity"

Richard Atkin
Level 4

That isn't supported any more. The account must 'entirely' live within ACS or RSA (or AD, etc).

As the feature of defining the username in the ACS and the password elsewhere is no longer supported, you will have to migrate the usernames off ACS and host them on the RSA box instead.

Sent from Cisco Technical Support iPhone App