Hi Ivan,
[email protected] wrote:
> > So I think what will happen is this:
> > - username/tokencode-password is passed from the Cisco ASA device
> > - this data is passed in cleartext to the script
> > - script splits the username/tokencode and username/password
> > - script proxies the u/tc via RADIUS to SecurID
> > - script uses PAP to pass the u/p to our directory
> > - script does these checks in sequence or concurrently
> > - once both sets of credentials are accepted, an accept is passed
> >   back to the Cisco ASA device
> > Does this sound right?
>
> Mostly. You will have to get the password from ldap rather than send it
> to it. And then check it in pre-proxy (save yourself a proxy if user/pass
> don't match). This should work with pap requests.

Ah, thank you! Apologies for the (to you) obvious problems in my
questions and statements, I've never done any RADIUS or LDAP
configuration before.
Cheers,
--
Greg Vickers
Phone: +61 7 3138 6902
IT Security Engineer & Project Manager
Queensland University of Technology, CRICOS No. 00213J
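
The ordering suggested in the reply above (fetch the stored password from LDAP, check it locally, and only then proxy the tokencode), as an added example that is not code from this thread or from FreeRADIUS. It assumes the combined PAP field is the password followed by a 6-digit tokencode and that the directory stores `{SSHA}` hashes; `DIRECTORY`, `fake_securid` and the other names are hypothetical stand-ins for the LDAP lookup and the RADIUS proxy to SecurID.

```python
import base64, hashlib, hmac

TOKEN_LEN = 6  # assumption: fixed-length numeric tokencode appended to the password

def make_ssha(password: bytes, salt: bytes) -> str:
    """Build an {SSHA} value as found in an LDAP userPassword attribute."""
    return "{SSHA}" + base64.b64encode(hashlib.sha1(password + salt).digest() + salt).decode()

def check_ssha(stored: str, password: bytes) -> bool:
    """Compare a cleartext PAP password with an {SSHA} hash fetched from LDAP."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[6:])
    digest, salt = raw[:20], raw[20:]          # SHA-1 digest is 20 bytes, rest is salt
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), digest)

def split_credential(field: str):
    """Split the combined PAP field into (password, tokencode); None if malformed."""
    password, token = field[:-TOKEN_LEN], field[-TOKEN_LEN:]
    if not password or len(token) != TOKEN_LEN or not (token.isascii() and token.isdigit()):
        return None
    return password, token

def authenticate(user, field, directory, proxy_tokencode):
    """Accept only if the local password check and the proxied token check both pass."""
    parts = split_credential(field)
    stored = directory.get(user)               # stands in for the LDAP lookup
    if parts is None or stored is None:
        return False
    password, token = parts
    if not check_ssha(stored, password.encode()):
        return False                           # bad password: no proxy round trip
    return bool(proxy_tokencode(user, token))  # stands in for the RADIUS proxy to SecurID

# Constructed sample data: one directory entry and a fake token server.
DIRECTORY = {"alice": make_ssha(b"correct horse", b"\x01\x02\x03\x04")}
CALLS = []

def fake_securid(user, token):
    """Record each proxied request and accept one constructed tokencode."""
    CALLS.append((user, token))
    return token == "123456"

if __name__ == "__main__":
    print(authenticate("alice", "wrong pass123456", DIRECTORY, fake_securid), CALLS)
    print(authenticate("alice", "correct horse123456", DIRECTORY, fake_securid), CALLS)
```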