03-11-2013 01:27 AM - edited 03-10-2019 08:10 PM
Dear forum,
I have a scenario where users should be allowed network access after they have given their AD credentials and a token (Blackshield Token server).
The token server speaks over RADIUS to the Cisco ACS appliance. I have managed to get users authenticated by means of their AD credentials. I am, however, not able to use both means in order to have a successful authentication.
Does anyone have a configuration example for this scenario? Any help would be greatly appreciated.
Thanks!!!
03-13-2013 08:08 AM
Is there anyone out there willing to help me?
03-13-2013 09:48 AM
I don't think you can authenticate users using two methods. You could use either AD or token server, but not both.
03-14-2013 06:50 AM
Hi There,
Thanks for taking the time to reply to this question. It is duly appreciated. Please note that the token server communicates over RADIUS (it's not an RSA token server). I have read that it is possible to use two authentication sources in order to authenticate a user. There is a page on the internet that explains in a bit of detail how to configure this, but I cannot for the life of me find that page.
The scenario is like: log on to device > enter AD credentials > get prompted for another authentication > enter authentication method (mine in this case is a token over RADIUS).
Has anyone worked with such a scenario and can help me further?
Thanks again.
03-14-2013 09:12 AM
Hello,
Which type of authentication are you performing? Is this for some type of VPN access like VPN Client (IPSec) or AnyConnect?
Regards,
Carlos.
03-14-2013 09:29 AM
Hi Carlos,
It's just for normal infra device authentication.
Thanks,
Remco
03-15-2013 05:41 AM
Hi,
I have had two deployments using this form of authentication.
Just so we are on the same page, the token servers that I have integrated connect to an Active Directory server running NPS (MS RADIUS). The user then has to send their password+token, and the token software will check the account password, and then the token, to see if the user succeeds.
Let me know if that is the design of your software. If it is, then all you need to do is configure the token software to run on radius and then set the policies up from there. From the network device standpoint it just needs to point to the radius server.
Thanks,
Tarik Admani
*Please rate helpful posts*
03-15-2013 03:47 PM
Hi there,
Solved. We enabled the radius proxy and made an authentication policy.
Thanks.
Remco
07-24-2018 02:59 PM
Do you have any details about your radius sequence and policy?
07-24-2018 04:26 PM
Please consider posting a document describing the steps you took to get your token server configuration working to help others trying to do a similar thing in the future.
06-19-2019 07:44 AM
Hello, reguntenaar,
Could you describe for us the steps you followed for implementing your solution? We would appreciate that.
Thank you so much.