I have a scenario where users should be allowed network access after they have given their AD credentials and a token (Blackshield Token server).
The token server speaks over RADIUS to the Cisco ACS appliance. I have managed to get users authenticated by means of their AD credentials. I am, however, not able to use both means in order to have a successful authentication.
Does anyone have a configuration example for this scenario? Any help would be greatly appreciated.
I don't think you can authenticate users using two methods. You could use either AD or token server, but not both.
Thanks for taking the time to reply to this question. It is duly appreciated. Please note that the token server communicates over RADIUS (it's not an RSA token server). I have read that it is possible to use two authentication sources in order to authenticate a user. There is a page on the internet that explains in a bit of detail how to configure this, but I cannot for the life of me find that page.
The scenario is like this: log on to device > enter AD credentials > get popped for another authentication > enter authentication method (mine in this case is a token over RADIUS).
Has anyone worked with such a scenario who can help me further?
Which type of authentication are you performing? Is this for some type of VPN access like VPN Client (IPSec) or AnyConnect?
I have had two deployments using this form of authentication.
Just so we are on the same page, the token servers that I have integrated connect to an Active Directory server running NPS (MS RADIUS), then the user will have to send their password+token and the token software will check the account password, and then the token to see if the user succeeds.
Let me know if that is the design of your software. If it is, then all you need to do is configure the token software to run on RADIUS and then set the policies up from there. From the network device standpoint it just needs to point to the RADIUS server.
Please consider posting a document describing the steps you took to get your token server configuration working to help others trying to do a similar thing in the future.