Re: We are using the Cisco ACS 5.3 as a RADIUS for database authentication and authorization. The purpose is to authenticate incoming users based on the NAS-PORT-ID. The problem is that we cannot find any solution for the Service Router (Alcatel 7750) to send the NAS-PORT-ID to act as USERNAME. The username field is set to the MAC address. The ACS requires a USERNAME and there is not a way to manipulate the User-Name value once it is received. We heard that it could be possible to use the freeradius to act as a proxy for the Cisco secure ACS. This is what we want: User --> [SR] --> User-Name = “MAC:xx.xx.xx.xx” Password = “secret” NAS-Port-Id = 1/1/4.1001.129 --> [FR] --> User-Name = “1/1/4.1001.129” Password = “secret” --> [ACS 5.3] Is there a solution for this option in the Freeradius? Is there a way to manipulate the User-Name sent from the service router, (MAC address), and change it to its NAS-Port-Id before it reaches the ACS RADIUS with help from the freeradius acting as a proxy?

Marinko Tarlać mangia81 at gmail.com
Wed Apr 25 15:13:01 CEST 2012


Next time put something in the subject so we can know something about your 
problem...  :)

On 25.4.2012 15:03, Xbert_badstuber wrote:
> We are using the Cisco ACS 5.3 as a RADIUS for database authentication and
> authorization. The purpose is to authenticate incoming users based on the
> NAS-PORT-ID. The problem is that we cannot find any solution for the Service
> Router (Alcatel 7750) to send the NAS-PORT-ID to act as USERNAME. The
> username field is set to the MAC address.
>
> The ACS requires a USERNAME and there is not a way to manipulate the
> User-Name value once it is received.
> We heard that it could be possible to use the freeradius to act as a proxy
> for the Cisco secure ACS.
>
> This is what we want:
>
> User -->  [SR] -->  User-Name = “MAC:xx.xx.xx.xx” Password = “secret”
> NAS-Port-Id = 1/1/4.1001.129 -->  [FR] -->  User-Name = “1/1/4.1001.129”
> Password = “secret” -->  [ACS 5.3]
>
> Is there a solution for this option in the Freeradius?
>
> Is there a way to manipulate the User-Name sent from the service router,
> (MAC address), and change it to its NAS-Port-Id before it reaches the ACS
> RADIUS with help from the freeradius acting as a proxy?
>
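
The rewrite asked about in the quoted message, sketched as FreeRADIUS 2.x-style configuration. This is an added example, not part of the original thread; the realm name "acs", the address 192.0.2.10 and the secret are placeholders.

```unlang
# --- proxy.conf: where the rewritten request is sent (constructed values) ---
home_server acs {
    type   = auth
    ipaddr = 192.0.2.10      # placeholder address for the ACS 5.3 server
    port   = 1812
    secret = CHANGE_ME       # placeholder; must match the ACS client entry for this proxy
}
home_server_pool acs_pool {
    type        = fail-over
    home_server = acs
}
realm acs {
    auth_pool = acs_pool
    nostrip                  # leave User-Name alone during realm handling
}

# --- sites-enabled/default (fragment of the virtual server) ---
authorize {
    # The ACS decides on NAS-Port-Id alone, so never forward a request
    # that lacks it: it would go out with the MAC still in User-Name.
    if (!NAS-Port-Id) {
        reject
    }
    # Hand the request to the proxy realm defined above.
    update control {
        Proxy-To-Realm := "acs"
    }
}

pre-proxy {
    # Runs on the copy of the request about to be sent to the home server;
    # the original request from the service router is left unchanged.
    update proxy-request {
        User-Name := "%{NAS-Port-Id}"
    }
}
```

This fits the plain User-Name/Password request shown in the post: the proxy re-encrypts User-Password with the home server's shared secret. Because the port identifier becomes the only identity the ACS sees, the clients list on the proxy should contain only the service routers trusted to report it.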


