Cisco Support Community
Community Member

ASA5500 AAA SERVER GROUP (RADIUS) -> FREERADIUS AUTH

Hello,

I'm trying to authenticate users from an ASA 5520 to FREERADIUS on Debian.

Has anyone succeeded in this? What's the way to do it?

Thanks

3 REPLIES

Re: ASA5500 AAA SERVER GROUP (RADIUS) -> FREERADIUS AUTH

Did that once and it worked like a charm. As far as I remember, you need to manually edit the clients.conf file on the radius service of freeradius and add the NAS IP address, key and ID. I believe the doc for freeradius will help:

http://wiki.freeradius.org/Configuration

cheers

Community Member

Re: ASA5500 AAA SERVER GROUP (RADIUS) -> FREERADIUS AUTH

Thanks

OK, found it now!!

But only if I put the password in clear text in the users file, as:

youruser   Cleartext-Password := "somepass"
           Service-Type = NAS-Prompt-User

So I don't use the passwords stored in the freeradius database.

That's not secure enough for an auth service.

Regards

Community Member

Re: ASA5500 AAA SERVER GROUP (RADIUS) -> FREERADIUS AUTH

There are many other databases you can use. Check the users file in /etc/raddb/users for examples.

You can also have it authenticate against the unix user db, i.e. /etc/passwd. This is the default configuration for freeradius.

e.g. /etc/raddb/users

DEFAULT Auth-Type = System
        Fall-Through = 1

/etc/passwd uses MD5 for its hashing if I'm not mistaken.

Cheers,

Conor
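Added example, not part of the original thread: besides Cleartext-Password, the FreeRADIUS PAP module accepts hashed password attributes in the users file, such as SSHA-Password (salted SHA-1). This script builds such an entry in place of the clear-text one quoted above. The user name and password are constructed sample values, the function names are hypothetical, and a hashed entry can only be checked when the NAS sends the password with PAP.

```python
import base64
import hashlib
import hmac
import os
import re
from typing import Optional

SALT_LEN = 8      # random salt bytes appended after the digest
SHA1_LEN = 20     # length of a SHA-1 digest in bytes


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return base64(SHA1(password + salt) + salt), the SSHA encoding."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, encoded: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    raw = base64.b64decode(encoded)
    if len(raw) <= SHA1_LEN:
        return False  # no salt present, so this is not an SSHA value
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def users_entry(user: str, password: str, salt: Optional[bytes] = None) -> str:
    """Build a users-file entry that stores an SSHA hash instead of clear text."""
    # Refuse names that could break the users-file syntax (spaces, quotes, commas).
    if not re.fullmatch(r"[A-Za-z0-9._@-]+", user):
        raise ValueError("unsupported character in user name")
    hashed = ssha_hash(password, salt)
    return (f'{user}   SSHA-Password := "{hashed}"\n'
            f'           Service-Type = NAS-Prompt-User')


if __name__ == "__main__":
    # Constructed sample credentials, matching the placeholder names in the thread.
    print(users_entry("youruser", "somepass"))
```

Paste the printed lines into the users file in place of the Cleartext-Password entry and reload the server.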
