I have a scenario where users should be allowed network access after they have given their AD credentials and a token (Blackshield Token server).
The token server speaks over RADIUS to the Cisco ACS appliance. I have managed to get users authenticated by means of their AD credentials. I am, however, not able to use both means in order to have a successful authentication.
Does anyone have a configuration example for this scenario? Any help would be greatly appreciated.
Thanks for taking the time to reply to this question. It is duly appreciated. Please note that the token server communicates over RADIUS (it's not an RSA token server). I have read that it is possible to use two authentication sources in order to authenticate a user. There is a page on the internet that explains in a bit of detail how to configure this, but I cannot for the life of me find that page.
The scenario is like: log on to device > enter AD credentials > get popped for another authentication > enter authentication method (mine in this case is a token over RADIUS).
Has anyone worked with such a scenario and can help me further?
I have had two deployments using this form of authentication.
Just so we are on the same page, the token servers that I have integrated connect to an Active Directory server running NPS (MS RADIUS), then the user will have to send their password+token and the token software will check the account password, and then the token to see if the user succeeds.
Let me know if that is the design of your software. If it is, then all you need to do is configure the token software to run on RADIUS and then set the policies up from there. From the network device standpoint it just needs to point to the RADIUS server.
*Please rate helpful posts*