Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

CSS - Radius authentication problem

Hi,

for a customer we need to configure Radius authentication working like this:

- CSS administrator login to device at user level

- then switch to "enable" mode using a superuser level account.

First login to CSS with a Radius account at user level works fine, but (after enable command) the login at superuser level doesn't work neighter with Radius account nor with local superuser account.

Ver.: 08.10.4.01

This is the configuration:

radius-server primary 10.113.212.17 secret XXX auth-port 1645

radius-server source-interface 10.113.212.32

sntp primary-server 10.113.205.1 version 3

date european-date

radius-server secondary 10.113.197.24 secret XXX auth-port 1645

radius-server dead-time 15

radius-server retransmit 15

radius-server timeout 15

virtual authentication primary radius

virtual authentication secondary local

username ZZZ des-password ZZZ superuser

Any idea?

Thanks in advance.

1 REPLY
Cisco Employee

Re: CSS - Radius authentication problem

is your server correctly configured as described at :

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.10/configuration/security/guide/Radius.html#wp1108380

"From the Group Settings section of the Cisco Secure ACS HTML interface, click the IETF RADIUS Attributes, [006] Service-Type checkbox. Then select Administrative. Administrative is required to enable RADIUS authentication for privileged user (SuperUser) connection with the CSS. "

Gilles.

194
Views
0
Helpful
1
Replies
CreatePlease to create content