LDAP Integration with CISCO ASA


Joe Preston
I am trying to use LDAP to set up 2FA with a CISCO ASA. Has anyone attempted this? If so, did you still have to enter a Group Authentication Password into the CISCO profile?

Re: LDAP Integration with CISCO ASA

Nick Owen
Administrator
Joe:

Are you using the Community version of WiKID?

Nick

On Tue, Oct 2, 2012 at 1:27 PM, Joe Preston [via WiKID Strong
Authentication Forums] <[hidden email]>
wrote:

> I am trying to use LDAP to set up 2FA with a CISCO ASA. Has anyone attempted
> this? If so, did you still have to enter a Group Authentication Password
> into the CISCO profile?



--
Nick Owen
WiKID Systems, Inc.
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication

Re: LDAP Integration with CISCO ASA

Joe Preston
Sorry Nick for not replying sooner. I've been pulled in many directions right now. We are using the CE version on CentOS 6. We actually abandoned attempting LDAP for right now, unless you have a guide we can follow. We are now attempting TACACS+ integration with the Cisco ASA VPN.

Re: LDAP Integration with CISCO ASA

Nick Owen
Administrator
If you're using the Community version, then use tacacs. If Enterprise,
use Radius.

On Thu, Oct 25, 2012 at 6:47 PM, Joe Preston [via WiKID Strong
Authentication Forums] <[hidden email]>
wrote:

> Sorry Nick for not replying sooner. I've been pulled in many directions
> right now. We are using the CE version on CentOS 6. We actually abandoned
> attempting LDAP for right now, unless you have a guide we can follow. We are
> now attempting TACACS+ integration with the Cisco ASA VPN.



--
Nick Owen
WiKID Systems, Inc.
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication

Re: LDAP Integration with CISCO ASA

Joe Preston
Hi Nick,

I am sorry for taking so long to reply. I thought I had replied to this. Today I noticed that it is not showing a reply.

Right now, we are using the CE version. We are trying to do a proof of concept. I need to get the Cisco ASA working with either LDAP or TACACS+; we are having issues with the ASA talking to the WiKID server with either.

Right now, we have a network client set up with TACACS+. Port 49 is responsive. I installed the pam_devel rpm and pam_tacplus, but it seems I am still missing something. The WiKID logs do not seem like they are showing any connection attempts from the ASA. So, let me know what info you need and I should be able to get it to you today because this is the only thing I am working on.

Re: LDAP Integration with CISCO ASA

Nick Owen
Administrator
Did you install xinetd on the WiKID server?

Also, you might need to run: /opt/WiKID/bin/tac_plus -C /opt/WiKID/private/tacacs.conf

You can check to see if it is running with 'netstat -anp | grep 49'.

Feel free to do a PoC with the Enterprise version if that's your goal.


On Mon, Oct 29, 2012 at 1:24 PM, Joe Preston [via WiKID Strong
Authentication Forums] <[hidden email]>
wrote:

> Hi Nick,
>
> I am sorry for taking so long to reply. I thought I had replied to this.
> Today I noticed that it is not showing a reply.
>
> Right now, we are using the CE version. We are trying to do a proof of
> concept. I need to get the Cisco ASA working with either LDAP or TACACS+;
> we are having issues with the ASA talking to the WiKID server with
> either.
>
> Right now, we have a network client set up with TACACS+. Port 49 is
> responsive. I installed the pam_devel rpm and pam_tacplus, but it seems I
> am still missing something. The WiKID logs do not seem like they are showing
> any connection attempts from the ASA. So, let me know what info you
> need and I should be able to get it to you today because this is the only
> thing I am working on.



--
Nick Owen
WiKID Systems, Inc.
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
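
Added example (not part of the original thread and not WiKID's own tooling): the 'netstat -anp | grep 49' check above also matches unrelated lines such as port 4949 or PID 1490, so this sketch matches only TCP sockets listening on exactly port 49 and reports the bind address, since a listener bound only to loopback cannot be reached from the ASA. The function names and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Added example: exact-match TACACS+ listener check over `netstat -anp` output.

# Constructed sample output (not captured from a real WiKID server).
SAMPLE='Proto Recv-Q Send-Q Local Address    Foreign Address   State       PID/Program name
tcp        0      0 0.0.0.0:4949     0.0.0.0:*         LISTEN      1201/munin-node
tcp        0      0 127.0.0.1:49     0.0.0.0:*         LISTEN      1490/tac_plus
tcp        0      0 10.0.0.5:22      10.0.0.9:49152    ESTABLISHED 2049/sshd'

# Print "bind_address pid/program" for each TCP socket LISTENing on port 49.
# Splitting on ":" and taking the last piece also handles IPv6 (":::49").
tacacs_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, part, ":")
        if (part[n] == "49") {
            addr = substr($4, 1, length($4) - 3)   # strip trailing ":49"
            print addr, $7
        }
    }'
}

# Summarise reachability from another host such as the ASA:
#   remote        - at least one listener on a non-loopback address
#   loopback-only - listeners exist, but only on 127.0.0.1 or ::1
#   none          - nothing is listening on TCP port 49
tacacs_reachability() {
    tacacs_listeners | awk '
        { seen = 1 }
        $1 != "127.0.0.1" && $1 != "::1" { remote = 1 }
        END { print (remote ? "remote" : (seen ? "loopback-only" : "none")) }'
}

# Demo on the constructed sample; on the server itself, pipe in the real
# output instead:  netstat -anp | tacacs_reachability
printf '%s\n' "$SAMPLE" | tacacs_listeners
printf '%s\n' "$SAMPLE" | tacacs_reachability
```

A result of "remote" only shows that the daemon is bound to a reachable address; a host or network firewall between the ASA and the server can still block port 49.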