SSH Logins to Cisco Switch. RADIUS/Active Directory

Arran Cudbard-Bell a.cudbardb at freeradius.org
Tue Jan 28 11:14:34 CET 2014


On 28 Jan 2014, at 09:50, Luke Ramsden <lukermsdn at gmail.com> wrote:

> I have my shared secrets set in clients.conf and then on the cisco switch
> using the 'radius-server' command:
> http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfrad.html#wp1001000
> 
> Is this hard-coded approach incorrect? When I view the radiusd -X output
> for a PAP request I dont have to get the shared secret right as its already
> there. Hope that makes sense.

Yes, it's fine to hardcode your shared secrets.
Yes, you'll see the cleartext password if running in debugging mode.

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140128/a885cbfd/attachment.pgp>


More information about the Freeradius-Users mailing list