cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1342
Views
0
Helpful
3
Replies

ASA5500 AAA SERVER GROUP (RADIUS) -> FREERADIUS AUTH

vpancisco
Level 1
Level 1

hello,

i'm trying to authenticate users from ASA 5520 to FREERADIUS on Debian

Does anyone succed in ? what's the way to ?

thanks

3 Replies 3

Ivan Martinon
Level 7
Level 7

Did that once and worked like a charm, as far as I remember you need to manually edit the clients.conf file on the radius service of freeradius and add the NAS ip address, key and ID I believe the doc for freeradius will help:

http://wiki.freeradius.org/Configuration

cheers

thanks

ok it found now !!

but only if i put in clear text the password in the users file as:

youruser   Cleartext-Password := "somepass"
           Service-Type = NAS-Prompt-User,

so i don't use password stored in the freeradius data base

that's not enough secure for an auth service

regards

There are many other databases you can use. Check the users file in /etc/raddb/users for examples.

You can also have it authenticate against the unix user db, i.e. /etc/passwd. This is the default configuration for freeradius.

e.g. /etc/raddb/users

DEFAULT Auth-Type = System
        Fall-Through = 1

/etc/passwd uses MD5 for its hashing if I'm not mistaken.

Cheers,

Conor

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: