Authenticating SSH login on a Cisco IOS switch to AD

Brian Candler B.Candler at pobox.com
Wed Feb 9 17:28:36 CET 2011


On Wed, Feb 09, 2011 at 04:24:05PM +0100, Schaatsbergen, Chris wrote:
> We have a couple of Cisco switches that we administer using SSH sessions.
> Now I have been asked if we can authenticate the SSH login on our Windows
> 2008 Active Directory using our Freeradius (2.1.10) installation.

The solution I have built is to configure freeradius as a proxy, and install
IAS on the Windows AD server. You can use AD groups to configure specific
reply attributes for specific users in IAS.

Windows AD is limited to 50 clients (unless you have Enterprise edition) -
but that is client IPs.  Your freeradius server counts as only one, no
matter how many Cisco boxes are authenticating through it.

Regards,

Brian.
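
The proxy arrangement described in the message above, sketched as FreeRADIUS 2.x configuration. This is an added example and not part of the original post; the addresses, object names and secrets are constructed placeholders, and it assumes the stock `suffix` realm module is still enabled in `authorize`.

```conf
# --- clients.conf: the Cisco switches are the RADIUS clients of FreeRADIUS ---
client cisco_switches {
	ipaddr  = 192.0.2.0          # placeholder management subnet
	netmask = 24
	secret  = REPLACE_WITH_LONG_RANDOM_SECRET_1
	nastype = cisco
}

# --- proxy.conf: forward authentication to IAS on the AD server ---
home_server ias_ad {
	type   = auth
	ipaddr = 198.51.100.10       # placeholder address of the IAS host
	port   = 1812
	# This secret protects the User-Password attribute in transit, so use a
	# long random value that differs from the switch-facing secret above.
	secret = REPLACE_WITH_LONG_RANDOM_SECRET_2
	response_window = 20
	zombie_period   = 40
	# Liveness probing is disabled on the assumption that the upstream
	# server does not answer Status-Server requests.
	status_check = none
}

home_server_pool ias_pool {
	type = fail-over
	home_server = ias_ad
}

# Switch logins normally arrive as a bare username with no realm part, which
# the suffix module maps to the NULL realm. Proxy those to IAS unchanged.
realm NULL {
	auth_pool = ias_pool
	nostrip
}
```

On the IAS side, the FreeRADIUS host is the only RADIUS client to register. An IOS login arrives as a User-Password (PAP) request, so the IAS policy matched by the AD group has to permit that authentication method.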


