Cisco Support Community

New Member

Cisco ACS 3.1 and Safeword authentication

We are considering implementing ACS 3.1 in our environment and I am impressed with ACS so far, but I've run into one snag. I've configured ACS and I am able to authenticate to my routers via Safeword and AAA, but passwords are being displayed in *** CLEAR TEXT ****. I did find a check box in Safeword that gives you the option to echo passwords, but checking and unchecking this box makes no difference.

It is interesting to note that using the local ACS database and our Windows 2K Active Directory works correctly and does not echo the passwords. Safeword does work correctly and does not echo the password on any of our other NASes like our VPN box. Any help is appreciated!!!

4 REPLIES
New Member

Re: Cisco ACS 3.1 and Safeword authentication

Hi,

Do you mean that the password is echoed back on the screen of the telnet session to a router in clear text, or that the password is being sent from the router in clear text to the ACS and then to the SDI server?

Is your VPN device talking to the SDI server directly via SDI protocol or through the ACS server using RADIUS?

Thanks

Sujit

New Member

Re: Cisco ACS 3.1 and Safeword authentication

Thank you for your help! Yes, the password is being echoed back in clear text on the screen of the telnet session. I haven't sniffed the traffic yet to figure out if ACS is echoing the password or if Safeword is echoing the password. Our Contivity VPN server is talking directly to the Safeword server with a RADIUS call on port 1812, as is our Neoteris appliance.

Thanks,

Derrick

Silver

Re: Cisco ACS 3.1 and Safeword authentication

Hi,

This appears to be a problem on the NAS. What version of code are you running on the router? Did you try with any other router and a different version to see if that makes any difference?

Thanks,

Mynul

New Member

Re: Cisco ACS 3.1 and Safeword authentication

Hi Mynul,

The NAS code version is: IOS 3600 12.2(12a), Release (fc1). The other NAS I'm trying is IOS MSFC Software C6MSFC-ISV-M, Version 12.1(1)EX. I will try your suggestion and see if the problem is also exhibited on my Catalyst switches but I'm thinking that the problem is with either Safeword or ACS since authentication to the local ACS database works correctly. I have a TAC and Safeword case open so hopefully I can resolve this last problem and can move ahead with the purchase of ACS. I'll update my post after I do more testing.

Thanks,

Derrick
