Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
649
Views
0
Helpful
1
Replies

Configuring multiple authentication sources in router TACACS config / radius

PETER NEGUS
Level 1
Level 1

‎11-28-2012 03:02 AM - edited ‎03-04-2019 06:15 PM

I have the requirement to allow the customer to login to the router, and to use their own AD for authentication, whilst maintaining our own TACACS access for management. Obviously, I could do an integration between our TACACS server and the customer's AD, but this involves blowing lots of holes in our firewalls and much grief all round.

So what I would like to do is:

For default login (say SMITHJ) authenticate via our TACACS+

For customer login (say john.doe@contoso.com) authenticate via customer owned RADIUS onto the customer's AD.

At a push, I could install a TACACS+ server in the customer domain to proxy onto their AD if it is not possible to do this with RADIUS.

Is this possible? If so a config would be much appreciated.

Labels:
0 Helpful
1 Reply 1

Abzal
Level 7
Level 7

‎11-28-2012 08:57 AM

Hi,

I'm not sure about TACACS+ integration with AD. But for such task you can use Windows server 2000/2003 with integrated RADIUS server in box. Or you can use Cisco Access Secure Server which can be integrated with AD.
Refer this link
http://briandesmond.com/blog/how-to-authenticate-against-active-directory-from-cisco-ios/

Hope it will help.

Sent from Cisco Technical Support iPhone App

Best regards,
Abzal
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card