ASA5500 AAA SERVER GROUP (RADIUS) -> FREERADIUS AUTH

Unanswered Question
Nov 26th, 2009
User Badges:

hello,



i'm trying to authenticate users from ASA 5520 to FREERADIUS on Debian


Does anyone succed in ? what's the way to ?


thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Ivan Martinon Wed, 12/02/2009 - 10:08
User Badges:
  • Cisco Employee,

Did that once and worked like a charm, as far as I remember you need to manually edit the clients.conf file on the radius service of freeradius and add the NAS ip address, key and ID I believe the doc for freeradius will help:


http://wiki.freeradius.org/Configuration


cheers

vpancisco Thu, 12/03/2009 - 00:40
User Badges:

thanks


ok it found now !!


but only if i put in clear text the password in the users file as:


youruser   Cleartext-Password := "somepass"
           Service-Type = NAS-Prompt-User,


so i don't use password stored in the freeradius data base


that's not enough secure for an auth service


regards

Conor Cunningham Sun, 12/06/2009 - 11:40
User Badges:

There are many other databases you can use. Check the users file in /etc/raddb/users for examples.


You can also have it authenticate against the unix user db, i.e. /etc/passwd. This is the default configuration for freeradius.


e.g. /etc/raddb/users


DEFAULT Auth-Type = System
        Fall-Through = 1


/etc/passwd uses MD5 for its hashing if I'm not mistaken.


Cheers,


Conor

Actions

This Discussion