[c-nsp] SecureACS Appliance & AD Authentication

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Fri Feb 26 13:32:10 EST 2010

Personally I'd go for FreeRADIUS or Radiator RADIUS server for the backend policy/logic - both work well with AD and handle many EAP types. Proxying etc.

--- original message ---
From: "Ryan Lambert" <thirdfrl.nsp at gmail.com>
Subject: [c-nsp] SecureACS Appliance & AD Authentication
Date: 26th February 2010
Time: 5:11:16

Hi everyone,

Figure this is as good a place as any to reach out and see if anyone has
some experience with this.

I'm currently debating whether I use LDAP or a Remote Agent for Windows with
my SecureACS Appliance to authenticate network users via AD. I've read
through the documentation a bit, but I still have a couple questions:

- If I use the remote agent, is there a way I can only allow specific users
in an AD domain to log onto network devices? For obvious reasons I would not
want to allow each and every user in the domain to access my
routers/switches via SSH.
- Is there a method of doing this same restriction via LDAP?
- As a network admin with little/no access to the actual AD admin snap-in,
I'd much PREFER to have all of this in my control, with the exception of
obviously installing the Agent software on a member server if that's the
route we eventually go.

Thanks in advance.

cisco-nsp mailing list  cisco-nsp at puck.nether.net
archive at http://puck.nether.net/pipermail/cisco-nsp/
