Configuring multiple authentication sources in router TACACS config / radius
11-28-2012 03:02 AM - edited 03-04-2019 06:15 PM
I have the requirement to allow the customer to log in to the router, and to use their own AD for authentication, whilst maintaining our own TACACS access for management. Obviously, I could do an integration between our TACACS server and the customer's AD, but this involves blowing lots of holes in our firewalls and much grief all round.
So what I would like to do is:
For default login (say SMITHJ) authenticate via our TACACS+
For customer login (say john.doe@contoso.com) authenticate via customer owned RADIUS onto the customer's AD.
At a push, I could install a TACACS+ server in the customer domain to proxy onto their AD if it is not possible to do this with RADIUS.
Is this possible? If so a config would be much appreciated.
11-28-2012 08:57 AM
Hi,
I'm not sure about TACACS+ integration with AD. But for such a task you can use Windows Server 2000/2003 with its integrated RADIUS server in the box. Or you can use Cisco Access Secure Server, which can be integrated with AD.
Refer to this link:
http://briandesmond.com/blog/how-to-authenticate-against-active-directory-from-cisco-ios/
Hope it will help.
Abzal
