To validate RADIUS attributes when using RADIUS accounting, use the validate-attribute command in radius-accounting parameter configuration mode, which is accessed by using the inspect radius-accounting command.

The RADIUS attribute to be validated with RADIUS accounting. Vendor Specific Attributes are not supported.

The following table shows the modes in which you can enter the command: Radius-accounting parameter configuration

When this command is configured, the security appliance will also do a match on these attributes in addition to the Framed

Multiple instances of this command are allowed. You can find a list of RADIUS attribute types here:

The following example shows how to enable RADIUS accounting for the user name RADIUS attribute:

ciscoasa(config)# policy-map type inspect radius-accounting ra
ciscoasa(config-pmap-p)# validate-attribute 1

Related Commands

Sets parameters for an inspection policy map.

To enable the authentication of the Kerberos Key Distribution Center (KDC) using an uploaded keytab file, use the validate-kdc command in aaa-server group mode. To disable KDC authentication, use the no form of this command.

You can configure a Kerberos AAA server group to authenticate the servers in the group using the validate-kdc command. To accomplish the authentication, you must also import a keytab file that you exported from the Kerberos Key Distribution Center (KDC). By validating the KDC, you can prevent an attack where the attacker spoofs the KDC so that user credentials are authenticated against the attacker’s Kerberos server.

When you enable KDC validation, after obtaining the ticket-granting ticket (TGT) and validating the user, the system also requests a service ticket on behalf of the user for host/ASA_hostname. The system then validates the returned service ticket against the secret key for the KDC, which is stored in a keytab file that you generated from the KDC and then uploaded to the ASA. If KDC authentication fails, the server is considered untrusted

To accomplish KDC authentication, you must do the following:

(On the KDC.) Create a user account in the Microsoft Active Directory for the ASA (go to Start > Programs > Administrative Tools > Active Directory Users and Computers).
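A check to run on the exported keytab before uploading it, given here as an added example that is not Cisco's code or part of the original page: it parses the MIT keytab format (version 0x0502) and confirms that an entry for host/ASA_hostname is present, without returning key bytes. The hostname asa.example.com, the realm EXAMPLE.COM and the all-zero key are constructed sample values.

```python
import struct

def parse_keytab(data):
    """Return [(principal, realm, kvno, enctype)] from an MIT keytab, format 0x0502."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                 # negative size marks a deleted slot to skip
            pos += -size
            continue
        rec, pos, off = data[pos:pos + size], pos + size, 0
        if len(rec) < size:
            raise ValueError("truncated keytab entry")
        def take(fmt):                # read one big-endian field from this entry
            nonlocal off
            (val,) = struct.unpack_from(fmt, rec, off)
            off += struct.calcsize(fmt)
            return val
        def counted():                # 16-bit length followed by that many bytes
            nonlocal off
            n = take(">H")
            off += n
            return rec[off - n:off]
        ncomp = take(">H")
        realm = counted().decode()
        name = "/".join(counted().decode() for _ in range(ncomp))
        take(">I"); take(">I")        # name type and timestamp, not needed here
        kvno, enctype = take(">B"), take(">H")
        counted()                     # key bytes are skipped, never returned
        if size - off >= 4:           # optional 32-bit kvno replaces the 8-bit one
            kvno = take(">I") or kvno
        entries.append((name, realm, kvno, enctype))
    return entries

def has_host_principal(entries, asa_hostname):
    # The system requests a service ticket for host/ASA_hostname, so that entry must exist.
    return any(name == f"host/{asa_hostname}" for name, *_ in entries)

def build_sample_keytab(parts, realm, kvno=3, enctype=18):
    """Constructed sample: one-entry keytab with a dummy all-zero AES-256 key."""
    cs = lambda b: struct.pack(">H", len(b)) + b
    e = struct.pack(">H", len(parts)) + cs(realm.encode())
    e += b"".join(cs(p.encode()) for p in parts)
    e += struct.pack(">IIBH", 1, 0, kvno, enctype) + cs(bytes(32)) + struct.pack(">I", kvno)
    return b"\x05\x02" + struct.pack(">i", len(e)) + e

SAMPLE_KEYTAB = build_sample_keytab(["host", "asa.example.com"], "EXAMPLE.COM")
```

Against a real export, pass the file's bytes to parse_keytab and compare the reported hostname, realm and key version number with the account created on the KDC.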