cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2475
Views
5
Helpful
10
Replies
Beginner

How to configure AD and Token server (over radius) authentication

Dear forum,
I have a scenario where users should be allowed network access after their have given their AD credentials and a token (Blackshield Token server).
The token server speaks over radius to the cisco ACS appliance. I have managed to get users authenticated by means of their AD credentials. I am how ever not able to use both means in order to have a successfull authentication.

Does anyone have a configuration example for this scenario? Any help would be greatly appreciated.

Thanks!!!

10 REPLIES 10
Beginner

Re: How to configure AD and Token server (over radius) authentic

Is there any one out there willing to help me?

Sent from Cisco Technical Support iPhone App

Beginner

Re: How to configure AD and Token server (over radius) authentic

I don't think you can authenticate users using two methods. You coul use either AD or token sever, but not both.

Sent from Cisco Technical Support iPad App

Beginner

Re: How to configure AD and Token server (over radius) authentic

Hi There,

Thanks for taking the time to reply to this question. It is dully appreciated. Please note that the token server communicates over radius (its not a RSA token server). I have read that it is possible to use two athentication sources in order to authenticate a user. There is a page on the internet that explains a bit in detail how to configure this but I can for the live of it not find that page.

Scenario is like > logon to device > enter AD credentials > get popped for another authentication > enter authentication method (mind in this case is a token over Radius.

Does any one have worked with such a scenario and can help me further?

Thanks again.

Highlighted
Participant

Re: How to configure AD and Token server (over radius) authentic

Hello,

Which type of authentication are you performing? Is this for some type of VPN access like VPN Client (IPSec) or AnyConnect?

Regards,

Carlos.

Beginner

Re: How to configure AD and Token server (over radius) authentic

Hi Carlos,

Its just for normal infra device authentication.

Thanks,
Remco

Sent from Cisco Technical Support iPhone App

Advocate

How to configure AD and Token server (over radius) authenticatio

Hi,

I have had two deployments using this form of authentication.

Just so we are on the same page, the token servers that I have integrated connect to an Active Directory server running NPS (MS radius), then the user will have to send their password+token and the token software will check the account password, and then the token to see if the users succeeds.

Let me know if that is the design of your software. If it is, then all you need to do is configure the token software to run on radius and then set the policies up from there. From the network device standpoint it just needs to point to the radius server.

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani
*Please rate helpful posts*
Beginner

Re: How to configure AD and Token server (over radius) authentic

Hi there,

Solved. We enabled the radius proxy and made an authentication policy.

Thanks.
Remco

Sent from Cisco Technical Support iPhone App

Beginner

Re: How to configure AD and Token server (over radius) authentic

Do you have any details about your radius sequence and policy? 

Cisco Employee

Re: How to configure AD and Token server (over radius) authentic

Please consider posting a document describing the steps you took to get your token server configuration working to help others trying to do the similar thing in the future.

Beginner

Re: How to configure AD and Token server (over radius) authentic

Hello, reguntenaar

 

Could you describe us the steps you followed for implementing your solution? We will apprecciate that.

 

Thank you so much.