Authenticating SSH login on a Cisco IOS switch to AD
Gary Gatten
Ggatten at waddell.com
Wed Feb 9 16:30:44 CET 2011
If no one else jumps in I can he'll you out in a couple hours.
----- Original Message -----
From: Schaatsbergen, Chris [mailto:Chris.Schaatsbergen at aleo-solar.de]
Sent: Wednesday, February 09, 2011 09:24 AM
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Authenticating SSH login on a Cisco IOS switch to AD
Greetings all,
We have a couple of Cisco switches that we administer using SSH sessions. Now I have been asked if we can authenticate the SSH login on our Windows 2008 Active Directory using our Freeradius (2.1.10) installation.
I have been looking and found:
http://wiki.freeradius.org/Cisco
for authenticating inbound shell users and
http://deployingradius.com/documents/configuration/active_directory.html
for authenticating users on AD.
Now I am trying to combine those two.
On the Freeradius server Samba and Kerberos are configured, the ntlm_auth returns an NT_STATUS_OK.
First question: Would this at all be possible?
And if so my second question: Unfortunately, when I add ntlm_auth to the authenticate section of sites-enabled/default and run freeradius -X I get an error that the ntlm_auth module could not be loaded though I have created the ntlm_auth file in the modules folder as described in the link. How should I get that to work?
Help would be highly appreciated.
Chris Schaatsbergen
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
<font size="1">
<div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'>
</div>
"This email is intended to be reviewed by only the intended recipient
and may contain information that is privileged and/or confidential.
If you are not the intended recipient, you are hereby notified that
any review, use, dissemination, disclosure or copying of this email
and its attachments, if any, is strictly prohibited. If you have
received this email in error, please immediately notify the sender by
return email and delete this email from your system."
</font>
More information about the Freeradius-Users
mailing list