03-27-2012 02:51 AM - edited 03-10-2019 06:56 PM
I'm trying to configure an ASA to use ASA for authenticaton.
I've done this before on normal IOS devices fine. But the ASAs are confusing me.
All the documentation/examples I've seen have the lines:
aaa-server my-radius-group protocol radius aaa-server
my-radius-group
host 1.2.3.4 timeout 3 key “password” authentication-port 1812 accounting-port 1813 radius-common-pw “password”
I'm assuming the "radius-common-pw" is the Radius shared secret.
What I don't understand is: What's this "key" parameter ? The IOS help just says it's the password to authenticate the NAS to the AAA server. But in Radius, that's what the shared secret does (Partially)
Can anyone explain the difference between "key" & "radius-common-pw" ?
Thanks,
GTG
Solved! Go to Solution.
03-27-2012 08:31 AM
The name is the receipy.
To specify a common password to be used for all users who are accessing this RADIUS authorization server through this security appliance, use the radius-common-pw command in AAA-server host mode.
key is specific to a client (i.e. client is a device) you create on the Radius server.
Hope that answers your question
thanks
Rizwan Rafeek
03-27-2012 08:31 AM
The name is the receipy.
To specify a common password to be used for all users who are accessing this RADIUS authorization server through this security appliance, use the radius-common-pw command in AAA-server host mode.
key is specific to a client (i.e. client is a device) you create on the Radius server.
Hope that answers your question
thanks
Rizwan Rafeek
06-28-2014 08:33 PM
Common Password—Enter the common password for the group. The password is case-sensitive. The field displays only asterisks. If you are defining a RADIUS server to be used for authentication rather than authorization, do not provide a common password.
A RADIUS authorization server requires a password and username for each connecting user. You enter the password here. The RADIUS authorization server administrator must configure the RADIUS server to associate this password with each user via this security appliance. Be sure to provide this information to your RADIUS server administrator. Enter a common password for all users who are accessing this RADIUS authorization server through this security appliance.
If you leave this field blank, each user password will be the username. As a security precaution never use a RADIUS authorization server for authentication. Using common passwords or usernames as passwords is much less secure than using a strong password for each user.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide