Authenticating SSH login on a Cisco IOS switch to AD

Schaatsbergen, Chris Chris.Schaatsbergen at aleo-solar.de
Wed Feb 9 16:24:05 CET 2011


Greetings all,

We have a couple of Cisco switches that we administer using SSH sessions. Now I have been asked if we can authenticate the SSH login on our Windows 2008 Active Directory using our Freeradius (2.1.10) installation.

I have been looking and found:
http://wiki.freeradius.org/Cisco
for authenticating inbound shell users and 
http://deployingradius.com/documents/configuration/active_directory.html
for authenticating users on AD.

Now I am trying to combine those two. 

On the Freeradius server Samba and Kerberos are configured, the ntlm_auth returns an NT_STATUS_OK.

First question: Would this at all be possible?

And if so my second question: Unfortunately, when I add ntlm_auth to the authenticate section of sites-enabled/default and run freeradius -X I get an error that the ntlm_auth module could not be loaded though I have created the ntlm_auth file in the modules folder as described in the link. How should I get that to work?

Help would be highly appreciated.

Chris Schaatsbergen




More information about the Freeradius-Users mailing list