[cisco-voip] OT Radius authentication with a 2800 router
Lelio Fulgenzi
lelio at uoguelph.ca
Tue Jan 4 10:25:11 EST 2011
And you can easily disable the account and enable it when required (if 24hr/7day/wk access is not required). If you had to create a local account on each router and a security issue arose, bad news.
---
Lelio Fulgenzi, B.A.
Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1
(519) 824-4120 x56354 (519) 767-1060 FAX (JNHN)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Cooking with unix is easy. You just sed it and forget it.
- LFJ (with apologies to Mr. Popeil)
----- Original Message -----
From: "Go0se" <me at go0se.com>
To: "Jason Aarons (US)" <jason.aarons at us.didata.com>, "Mike King" <me at mpking.com>, "Cisco VoIPoE List" <cisco-voip at puck.nether.net>
Sent: Tuesday, January 4, 2011 10:23:01 AM
Subject: Re: [cisco-voip] OT Radius authentication with a 2800 router
I don't know how many routers you would have to touch but even if there were
a solution it would be a pain to have to go touch each one. Simply create a
generic AD account and if they are worried about network/workstation access
don't give the account logon rights on your domain. It will still be able to
log into your network devices.
Thanks,
Go0se
My blog:
http://atc.go0se.com
--------------------------------------------
Help Hopegivers International
Feed the orphans of Haiti and India
http://www.hopegivers.org
--------------------------------------------
-----Original Message-----
From: cisco-voip-bounces at puck.nether.net
[mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Jason Aarons (US)
Sent: Monday, January 03, 2011 7:03 PM
To: Mike King; Cisco VoIPoE List
Subject: Re: [cisco-voip] OT Radius authentication with a 2800 router
Correct, you need to add them to AD. The fallback method is local usually.
-----Original Message-----
From: cisco-voip-bounces at puck.nether.net
[mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Mike King
Sent: Monday, January 03, 2011 11:03 AM
To: Cisco VoIPoE List
Subject: [cisco-voip] OT Radius authentication with a 2800 router
Sorry for the slightly off topic question.
We've been using Radius authentication with our 2800 routers for a while,
but I've been handed an interesting directive.
We have a third party that will need access to our 2800 routers. I've been
asked to make a local account on the 2800's, as management does not want to
add them to the directory (Active Directory). We're using Microsoft NPS
(IAS for Server 2008) as a radius backend.
Unfortunately, it's been my experience, when you enable RADIUS, you cannot
login with local accounts unless the RADIUS server does not respond.
Am I missing an easy way to do this?
Mike
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
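Added example (not part of the original thread and not any poster's code): a simplified Python model of the login behaviour discussed above. With RADIUS listed first and local second, a method list moves on to the next method only when the current one does not respond, so a RADIUS reject is final. The account names, passwords and the pass/fail/error model are constructed for illustration.

```python
from enum import Enum

class Result(Enum):
    PASS = "pass"    # method answered and accepted the credentials
    FAIL = "fail"    # method answered and rejected the credentials
    ERROR = "error"  # method did not answer (e.g. RADIUS timeout)

def radius_method(directory, reachable):
    """Model a RADIUS server group backed by a directory (constructed data)."""
    def check(user, password):
        if not reachable:
            return Result.ERROR
        acct = directory.get(user)
        ok = acct is not None and acct["enabled"] and acct["password"] == password
        return Result.PASS if ok else Result.FAIL
    return check

def local_method(local_users):
    """Model the router's local username database; it always answers."""
    def check(user, password):
        return Result.PASS if local_users.get(user) == password else Result.FAIL
    return check

def login(methods, user, password):
    """Walk the method list in order; only ERROR moves on to the next method."""
    for name, method in methods:
        result = method(user, password)
        if result is not Result.ERROR:
            return name, result   # PASS or FAIL from a responding method is final
    return None, Result.FAIL      # no method responded

# Constructed sample accounts (hypothetical names and passwords)
DIRECTORY = {
    "netadmin": {"password": "ad-pass", "enabled": True},
    "vendor-generic": {"password": "vendor-pass", "enabled": False},
}
LOCAL = {"thirdparty": "local-pass"}

def method_list(radius_up):
    """RADIUS first, local second, as in the setup the thread describes."""
    return [("radius", radius_method(DIRECTORY, radius_up)),
            ("local", local_method(LOCAL))]

if __name__ == "__main__":
    print(login(method_list(True), "thirdparty", "local-pass"))   # rejected by RADIUS
    print(login(method_list(False), "thirdparty", "local-pass"))  # local used on timeout
    print(login(method_list(True), "vendor-generic", "vendor-pass"))  # disabled account
```

The disabled `vendor-generic` entry models the generic directory account suggested in the replies: enabling it in one place grants access on every router, and disabling it revokes access everywhere.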