Solved: Re: Help :Two-Factor Authentication in ACS 5.4

ramkumar · ‎11-26-2013

Dear All,

We are presenting ACS POC in one of our client.

we did authentication using TACACS+ in the AD user with different previllages and working fine.

And also we implemented RSA secure ID authentication, and its is working fine.

our customer need two-factor authentication using RSA secureID password and AD username password (using TACACS+).

can any one help me how to implement this scenario?

it is very urgent, please help me how to implement two factor authentication using RSA secure ID and username and password.

Thanks,

P.Ramkumar.

Chris Illsley · ‎11-29-2013

Hi Again,

You should be able to find the information you need here:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/users_id_stores.html#wp1123587

Helpfully under the heading:

Identity Stores with Two-Factor Authentication

Cheers

Chris

View solution in original post

Chris Illsley · ‎11-28-2013

Hi,

What are you implementing two factor authentication on? Is this for device management, I don;t believe TACACS supports this.

Thanks

Chris

ramkumar · ‎11-28-2013

Hi Chris,

We are try to implement two factor authentication using RSA secure ID and TACACS+(user name and password mapped with AD).

Requirement :

when user try to login switch need user name and password (which is in their AD) and RSA secure ID for that user(in RSA they mapped that AD user ).if both the cretential are correct then only user get permission to login the switch.

If they dont support means any other way to implement this requirement?

can you (any one) please tell me or share me the step by step procedure for implement two-factor authentication(using RSA and any) in ACS 5.4.

Because i dont have a idea to implement two-factor authentication.

Any one help me how to implement two factor authentication in ACS 5.4.

and also is their any way to see the user in mapped AD group in ACS 5.x?

Thanks,

P.Ramkumar.

Chris Illsley · ‎11-29-2013

Hi Again,

You should be able to find the information you need here:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/users_id_stores.html#wp1123587

Helpfully under the heading:

Identity Stores with Two-Factor Authentication

Cheers

Chris

ramkumar · ‎11-29-2013

Dear chris,

Is it possible to restrict user access (read-only and super user) in switch using two factor authentication.?

our customer need switch login with username and password and the enable password is using in RSA.

if i want to configure the two-factor authentication means what are the combination of authenticators are possible?

what are the restrictions are in two factor authentication? (like this feature is not possible i.e switch mangement, privileges, etc...)

can i use with RSA and username password authentication , can i configure user privillage levels for AD user?

i tried with identity sequence,it only authenticate one factor,if it is successful connection is established, is any way to authenticate if the two sequences are matched? instead of OR we need AND.

please share any sample two-factor authentication guide for reference.

Thanks,

P.Ramkumar.

ramkumar · ‎01-21-2014

Dear Friends,

I have solved that problem.

i have used that divice login using the RADIUS(AD) and enable Password using theTACACS+(RSA).

And Authorize using Radius.

now it is working fine, but i could not restrict the user access(read-only and read-write). i tried many method(authorize tacacs) but result remains same.

Thanks for all your support,

P.Ramkumar.

paragmahajan40 · ‎02-17-2015

Hi RamKumar,

Could you please post switch commands you have used to achieve this. I am planning to achieve more and less same scenario.

Thanks in advance

Dong Yeol Park · ‎07-02-2015

Hi dear

Could u share the way of two-factor?

pratik.chamakale1 · ‎03-30-2016

Hello Ramkumar,

I know this post is old. But could share the steps followed to achieve two factor authentication.