06-21-2002 02:30 PM - edited 02-20-2020 09:17 PM
How can I configure Cisco Secure or the AS5300 so that there is no double authentication?
06-21-2002 05:44 PM
Please explain in detail what exactly you want to do. Thanks. Tejal
06-23-2002 07:25 AM
I have a Cisco Secure server on Unix, version 2.3 (5), and several AS5300 devices. When a user connects by dial-up to an AS5300, he has to be validated by Cisco Secure.
The configuration of Cisco Secure is:
*RADIUS CISO
Reply Attributes------ User-Service-Type(Framed User)
------ Frame Protocol (PPP)
Check Items -------User-Service-Type(Framed User)
-------Frame Protocol (PPP)
The User (CHAP)
I need to know how to make sure that, when the user is connected, he cannot connect a second time with the same username and password.
The configuration of AS5300 is:
Ver. 12.1(1a)T1
aaa authentication login no_radius enable
aaa authentication login no_consola enable
aaa authentication login line line
aaa authentication ppp default group radius
aaa accounting update newinfo
interface Group-Async1
 ip unnumbered Loopback0
 encapsulation ppp
 async default routing
 async mode interactive
 no snmp trap link-status
 peer default ip address pool default
 ppp authentication chap
 group-range 1 120
ip radius source-interface Loopback0
radius-server host 172.16.10.12 auth-port 1645 acct-port 1646 key 7 internet
radius-server retransmit 3
radius-server timeout 30
radius-server key 7 internet
line 1 120
 autoselect ppp
 modem InOut
 transport preferred none
 transport input all
 transport output lat pad telnet rlogin udptn v120 lapb-ta
Thanks.
Moses
06-23-2002 09:35 AM
Here is the link, which has a sample config that discusses this in detail, along with the RADIUS config too.
http://www.cisco.com/warp/public/793/access_dial/basicradius.shtml
Now, if you don't want the user to connect with the same username and password again when they dial in, you need to use OTP (one-time password), where the password is different for each login. Here are the places which discuss that.
For the double authentication design guide:
http://www.cisco.com/warp/public/129/26.html
For one-time password:
http://www.cisco.com/warp/public/129/24.html
Tejal
06-24-2002 02:43 AM
If I understand you correctly, you do not want the user to get in again if he has already logged in before, i.e. max-session control:
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/cs_unx/acsu235/mss.htm#xtocid99051
HTH
R/Yusuf
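The max-session control mentioned above, sketched as an added example (not part of the original thread and not Cisco Secure's own code). It assumes the AAA server counts a user's open sessions from RADIUS accounting Start/Stop records, so it also shows what happens when the NAS sends no accounting; class and function names are hypothetical and the events are constructed.

```python
# Added illustration: toy model of AAA-server max-session control.
# Names are hypothetical; this is not Cisco Secure's implementation.
from collections import defaultdict

class MaxSessionTracker:
    def __init__(self, max_sessions=1):
        self.max_sessions = max_sessions
        self.active = defaultdict(set)  # username -> open Acct-Session-Ids

    def accounting(self, record):
        """Apply one RADIUS accounting record (Acct-Status-Type Start/Stop)."""
        user, sid = record["User-Name"], record["Acct-Session-Id"]
        if record["Acct-Status-Type"] == "Start":
            self.active[user].add(sid)
        elif record["Acct-Status-Type"] == "Stop":
            self.active[user].discard(sid)

    def authorize(self, user):
        """Session-limit check, run after the CHAP/password check has passed."""
        return len(self.active[user]) < self.max_sessions

def acct(status, user, sid):
    """Build a constructed accounting event."""
    return ("acct", {"Acct-Status-Type": status, "User-Name": user,
                     "Acct-Session-Id": sid})

def replay(events, max_sessions=1):
    """Replay events in order; return the decision for each auth attempt."""
    tracker = MaxSessionTracker(max_sessions)
    decisions = []
    for kind, payload in events:
        if kind == "auth":
            ok = tracker.authorize(payload)
            decisions.append("Accept" if ok else "Reject")
        else:
            tracker.accounting(payload)
    return decisions

# Constructed sample: "dialuser" dials in, tries again while connected,
# hangs up, then dials in once more.
WITH_ACCOUNTING = [
    ("auth", "dialuser"), acct("Start", "dialuser", "0001"),
    ("auth", "dialuser"),                      # second login while connected
    acct("Stop", "dialuser", "0001"),
    ("auth", "dialuser"), acct("Start", "dialuser", "0002"),
]
# Same dial-ins, but the NAS sends no accounting records to the server.
WITHOUT_ACCOUNTING = [e for e in WITH_ACCOUNTING if e[0] == "auth"]

if __name__ == "__main__":
    print(replay(WITH_ACCOUNTING))     # second attempt is rejected
    print(replay(WITHOUT_ACCOUNTING))  # limit is never enforced
```

In this model a lost Stop record has the opposite effect: the session stays counted and the user is rejected until the stale entry is cleared.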