RE: freeradius and cisco hidden share

04-09-2007
King, Michael


It sounds like you're trying to encrypt the shared secret in the router
config. Or, you're trying to copy the encrypted shared secret and paste
it. (The 7 is what tipped me off)

First, you need to verify that you have password-encryption
enabled in the IOS. This is the magic that makes that happen.

Second, be aware that IOS from 12.2 to 12.4 is majorly different. Trust
me, I've just ended a 4 firmware upgrade nightmare (Went from 12.2, to
12.3, to 12.4, to another 12.4) just to chase down a bug that popped up
in 12.3 (We needed a new feature that didn't exist in 12.2 or we would
have stayed there)

This is taken from the internet, but it looks like it will fit you
pretty well.
http://briandesmond.com/blog/archive...henticate-against-Active-Directory-from-Cisco-IOS.aspx

The IOS side of the configuration is quite easy. The commands can be
entered sequentially either as a paste in from a text file or as part of
some automated procedure (e.g. SecureCRT scripts, an Expect shell
script, etc). The sample config below assumes two RADIUS servers with IP
addresses 192.168.1.10 and 192.168.1.11. The sample also sources all
requests from interface Loopback0:

Note: Don't use the key of Cis$ko. Make up your own.

conf t
aaa new-model
radius-server host 192.168.1.10 auth-port 1812 acct-port 1813 key Cis$ko
radius-server host 192.168.1.11 auth-port 1812 acct-port 1813 key Cis$ko

ip radius source-interface Loopback0

aaa group server radius RadiusServers
 server 192.168.1.10 auth-port 1812 acct-port 1813
 server 192.168.1.11 auth-port 1812 acct-port 1813
 exit

aaa authentication login default group RadiusServers local
exit

Assuming the password-encryption service is started on the device the
shared secrets will be encrypted after they're entered. It is also
highly recommended that a local login exist in case there is a failure
to communicate with the RADIUS servers for any reason (the
authentication order in the configlet specifies falling back to the
local database after the RadiusServers group). Ports 1812 and 1813 are
specified in this configuration, so the necessary holes will need to be
punched through firewalls and access-lists to allow this to work. To
change the ports utilized by IAS, pull up the properties of the root
node in the console and choose the ports tab.
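
A small audit of the configlet above, as an added example that is not part of the original post or the quoted blog: it reports how each RADIUS key is stored, checks for the local fallback, and lists the UDP ports the firewalls must permit. The function name, the sample text and the TYPE7PLACEHOLDER value are constructed for illustration.

```python
import re

# Constructed sample input: the configlet from the post as "show run" might
# list it, with one key left in clear text and one shown as a type 7 string
# (TYPE7PLACEHOLDER stands in for the encoded value; it is not a real one).
SAMPLE = """\
aaa new-model
radius-server host 192.168.1.10 auth-port 1812 acct-port 1813 key 7 TYPE7PLACEHOLDER
radius-server host 192.168.1.11 auth-port 1812 acct-port 1813 key Cis$ko
ip radius source-interface Loopback0
aaa group server radius RadiusServers
 server 192.168.1.10 auth-port 1812 acct-port 1813
 server 192.168.1.11 auth-port 1812 acct-port 1813
aaa authentication login default group RadiusServers local
"""

HOST = re.compile(r"radius-server host (\S+) auth-port (\d+) acct-port (\d+)"
                  r"(?: key (?:([07]) )?(\S+))?$")

def audit(config):
    """Return (findings, firewall_rules) for an IOS RADIUS configlet."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings, rules, has_login_list = [], [], False
    if "service password-encryption" not in lines:
        findings.append("service password-encryption is off: "
                        "newly entered keys stay in clear text")
    if not any(ln.startswith("ip radius source-interface ") for ln in lines):
        findings.append("no source-interface: request source address may vary")
    for ln in lines:
        m = HOST.match(ln)
        if m:
            host, auth, acct, ktype, key = m.groups()
            rules.append((host, int(auth), int(acct)))  # UDP ports to permit
            if key is None:
                findings.append(f"{host}: no shared secret configured")
            elif ktype == "7":
                findings.append(f"{host}: key shown as type 7; the RADIUS server "
                                "needs the original secret, not this string")
            else:
                findings.append(f"{host}: key is in clear text in the config")
        elif ln.startswith("aaa authentication login "):
            has_login_list = True
            if "local" not in ln.split()[4:]:  # methods follow the list name
                findings.append("login list has no local fallback")
    if not has_login_list:
        findings.append("no aaa authentication login list defined")
    return findings, rules
```

Calling `audit(SAMPLE)` returns three findings (the service being off, the type 7 key on 192.168.1.10, the clear text key on 192.168.1.11) and the two host/port tuples.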
