authentication between the ACS and AD

sidcracker
Level 1

Hello,

I would like to know the kind of authentication mechanism ACS 5.1 uses to talk with the Active Directory. Does it use MSCHAP or MSCHAPv2 or just plain PAP? By default it uses PAP to speak between the Cisco IOS and the ACS on the 5.1.

If you look at the default device admin tab and click on allowed protocols ---> it mentions PAP.

Does it use a secure means of transport between the ACS and AD? If so, can anyone tell the authentication mechanism?

Thanks

Accepted Solutions

Jatin Katyal
Cisco Employee

Any administration session like telnet, SSH and console always uses PAP as an authentication method.


PAP communication can be captured and read, as it happens in clear text. However, since we have TACACS in use, it always encrypts the whole packet with the shared secret defined on the IOS and ACS/TACACS, so if you capture the traffic between the TACACS and the device you won't be able to decrypt it without the key.


In case you have RADIUS, then use SSH (PuTTY) so that it can help you with secure communication.


ACS and AD do support CHAP, MSCHAPv1 and MSCHAPv2 and PAP.


However, these administration sessions don't work with any authentication method other than PAP.


HTH


Regds,

Jatin



Do rate helpful posts~

~Jatin
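
The shared-secret protection mentioned in the answer above, as an added example that is not part of the original thread: a Python sketch of the TACACS+ body obfuscation defined in RFC 8907 section 4.5, applied to a PAP authentication START packet. The user name, password, session id and key are constructed sample values; note that the 12-byte header is not covered by the pad and parses without the key.

```python
import hashlib
import struct

TAC_PLUS_AUTHEN = 0x01            # packet type: authentication
TAC_PLUS_UNENCRYPTED_FLAG = 0x01  # header flag: body sent without obfuscation

def pseudo_pad(session_id, key, version, seq_no, length):
    """RFC 8907 section 4.5: chained MD5 blocks, truncated to the body length."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()  # first block hashes the seed alone
        pad += block
    return pad[:length]

def xor_body(body, session_id, key, version, seq_no):
    """XOR the body with the pad; the same call obfuscates and recovers."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def pap_start_body(user, password):
    """Authentication START body for PAP: the password travels in the data field."""
    # action=LOGIN, priv_lvl=1, authen_type=PAP, authen_service=LOGIN,
    # then user_len, port_len, rem_addr_len, data_len
    fixed = bytes([0x01, 0x01, 0x02, 0x01, len(user), 0, 0, len(password)])
    return fixed + user + password

def build_packet(body, session_id, key, version=0xC1, seq_no=1):
    """12-byte clear header followed by the obfuscated body."""
    header = struct.pack("!BBBBII", version, TAC_PLUS_AUTHEN, seq_no, 0x00,
                         session_id, len(body))
    return header + xor_body(body, session_id, key, version, seq_no)

def read_packet(packet, key):
    """Parse the header (no key needed) and recover the body with the key."""
    version, ptype, seq_no, flags, session_id, length = struct.unpack(
        "!BBBBII", packet[:12])
    body = packet[12:12 + length]
    if not flags & TAC_PLUS_UNENCRYPTED_FLAG:
        body = xor_body(body, session_id, key, version, seq_no)
    return {"version": version, "seq_no": seq_no, "session_id": session_id}, body

# Constructed sample values, not taken from any real device.
SESSION_ID = 0x1A2B3C4D
KEY = b"constructed-shared-secret"
BODY = pap_start_body(b"netadmin", b"Constructed-Pass-1")
WIRE = build_packet(BODY, SESSION_ID, KEY)
```

When reviewing a capture, a packet whose flags byte has `TAC_PLUS_UNENCRYPTED_FLAG` set carries its body, including any PAP password, without this protection.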

Thank you Jatin....

You're welcome

Rgds,

Jatin

~Jatin