Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1537
Views
0
Helpful
2
Replies

Identifing Radius authenticated users in firepower and/or OpenDNS

wstemmons1984
Level 1
Level 1

‎11-05-2015 08:53 AM

Sourcefire has been added to our security platform. Many of our clients are students and use primarily the wireless network. Wireless authentication is handled by a radius server. The problem is that when I drill down into an event I am unable to identify the user. I can see the device name but not the authenticated user. I was told by the partner that installed the product that it isn't possible to identify the user because the user authenticated though a radius server and that SourceFire can only identify LDAP authenticated users.

Is there a solution to me problem?

Labels:
0 Helpful
2 Replies 2

Aaron O'Hare
Level 1
Level 1

‎11-05-2015 09:14 AM

SourceFire does not use LDAP for user detection, you should install a SourceFire user agent and point it at the domain controller security logs.

This can run on your domain controller(s), radius server(s), or on stand-alone server(s).

Each user agent supports up to 5 security log sources.

SFUA Config Guide: http://www.cisco.com/c/dam/en/us/td/docs/security/firesight/user-agent/FireSIGHT-User-Agent-Configuration-Guide-v2-2.pdf

-AO

0 Helpful

wstemmons1984
Level 1
Level 1
In response to Aaron O'Hare

‎11-05-2015 09:20 AM

Thank you Mr. O'Hare.

I will read the document that you provided. I will let you know how things turn out.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card