Cisco ACS 3.1 and Safeword authentication

dkea
Level 1

We are considering implementing ACS 3.1 in our environment and I am impressed with ACS so far, but I've run into one snag. I've configured ACS and I am able to authenticate to my routers via Safeword and AAA, but passwords are being displayed in *** CLEAR TEXT ****. I did find a check box in Safeword that gives you the option to echo passwords, but checking and unchecking this box makes no difference.

It is interesting to note that using the local ACS database and our Windows 2K Active Directory works correctly and does not echo the passwords. Safeword does work correctly and does not echo the password on any of our other NASes like our VPN box. Any help is appreciated!!!

4 Replies

sghosh
Level 1

Hi,

Do you mean that the password is echoed back on the screen of the telnet session to a router in clear text, or that the password is being sent from the router in clear text to the ACS and then to the SDI server?

Is your VPN device talking to the SDI server directly via the SDI protocol or through the ACS server using RADIUS?

Thanks

Sujit

Thank you for your help! Yes, the password is being echoed back in clear text on the screen of the telnet session. I haven't sniffed the traffic yet to figure out if ACS is echoing the password or if Safeword is echoing the password. Our Contivity VPN server is talking directly to the Safeword server with a radius call on port 1812 as is our Neoteris appliance.

Thanks,

Derrick

mhoda
Level 5

Hi,

This appears to be a problem on the NAS. What version of code are you running on the router? Did you try with any other router and a different version to see if that makes any difference?

Thanks,

Mynul

Hi Mynul,

The NAS code version is: IOS 3600 12.2(12a), Release (fc1). The other NAS I'm trying is IOS MSFC Software C6MSFC-ISV-M, Version 12.1(1)EX. I will try your suggestion and see if the problem is also exhibited on my Catalyst switches but I'm thinking that the problem is with either Safeword or ACS since authentication to the local ACS database works correctly. I have a TAC and Safeword case open so hopefully I can resolve this last problem and can move ahead with the purchase of ACS. I'll update my post after I do more testing.

Thanks,

Derrick
