Authenticating with Active Directory
-
Whipster
Authenticating with Active Directory
I have a requirement to use Active Directory for authenticating users to the switch, and I followed the instructions in the manual. I have tried with LDAP; however, I cannot find a download for the Alcatel LDAP schema that the instructions say I must have. Because of this, I switched over to using RADIUS. I found instructions for implementing authentication with Active Directory using RADIUS, but I cannot get it to work either. The instructions I have are for Server 2003. I am using Server 2008 R2, but I feel confident that I matched up the differences correctly. Does anyone have a decent cheat sheet on doing this that they have seen work with Server 2008 R2? The details of my configuration are below:
VirtualChassis2-> show aaa server
Server name = DC-01
Server type = RADIUS,
IP Address 1 = 10.10.10.XX,
Retry number = 3,
Time out (sec) = 2,
Authentication port = 1812,
Accounting port = 1813,
VRF = default
Server name = dc-01
Server type = LDAP,
IP Address 1 = 10.10.10.XX,
Port = 389,
Domain name = Alcatel,
Search base = cn=Switch Admins,
Retry number = 3,
Time out (sec) = 2
VirtualChassis2-> show microcode
Package Release Size Description
-----------------+---------------+--------+-----------------------------------
Kbase.img 6.4.4.585.R01 18617753 Alcatel-Lucent Base Software
K2os.img 6.4.4.585.R01 1959554 Alcatel-Lucent OS
Keni.img 6.4.4.585.R01 5763476 Alcatel-Lucent NI software
Ksecu.img 6.4.4.585.R01 649219 Alcatel-Lucent Security Management
aaa radius-server "DC-01" host 10.10.10.XX key 717da3fc9d24fe7e retransmit 3 timeout 2 auth-port 1812 acct-port 1813
aaa ldap-server "dc-01" host 10.10.10.XX dn "Alcatel" password 4f26eb50bfd1d5d2fa95cf3246d2532e base "cn=Switch Admins" type generic retransmit 3 timeout 2 no ssl
aaa authentication default "local"
aaa authentication console "local"
aaa authentication telnet "dc-01"
-
Whipster
Re: Authenticating with Active Directory
I found what I needed for the LDAP, but while doing that I was able to get the RADIUS implementation working. Now I need to find the hexadecimal bitmasks for the functional read/write privileges on the RADIUS server. Anyone have any ideas?
Re: Authenticating with Active Directory
For read-write all in NPS use:
Vendor 800
VSA (conformant):
9 (String) All
41 (Hexa) FFFFFFFF
42 (Hexa) FFFFFFFF
For granular rights I would recommend using the Web GUI of a switch -> Security -> ASA -> Local User -> Family Bitmap Calculator; click what you need and it calculates the bitmaps for you.
And remember: for access by SSH, even a read-only-all user needs write access to SSH (I think it may be because of public keys stored there).
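To see what NPS actually puts on the wire for the three values above, here is an added example (my own code, not from the original poster or from Alcatel-Lucent) that encodes the RADIUS Vendor-Specific attribute (type 26, RFC 2865 section 5.26) for vendor 800 with sub-attributes 9 = "All", 41 = FFFFFFFF and 42 = FFFFFFFF, and parses it back. The sub-attribute numbers and values are taken from the post; their names and the meaning of individual mask bits are not assumed, so the helper only builds and checks the TLV layout.

```python
import struct

# IANA enterprise number given in the post for Alcatel-Lucent OmniSwitch VSAs.
ALCATEL_VENDOR_ID = 800


def encode_vsa(vendor_id, sub_attrs):
    """Encode one RADIUS Vendor-Specific attribute (type 26).

    sub_attrs is a list of (vendor_type, value_bytes) tuples; each is emitted
    as a vendor TLV whose length byte covers its own 2-byte header.
    """
    body = b"".join(
        struct.pack("!BB", vtype, 2 + len(value)) + value
        for vtype, value in sub_attrs
    )
    payload = struct.pack("!I", vendor_id) + body
    # Attribute length is one byte and covers type + length + payload.
    if 2 + len(payload) > 255:
        raise ValueError("VSA too long for a single attribute")
    return struct.pack("!BB", 26, 2 + len(payload)) + payload


def decode_vsa(data):
    """Parse a VSA back into (vendor_id, [(vendor_type, value), ...]).

    Rejects anything that is not a well-formed type-26 attribute, including
    truncated or oversized vendor TLVs, so malformed input cannot be misread
    as a privilege grant.
    """
    if len(data) < 2:
        raise ValueError("attribute shorter than its header")
    atype, alen = struct.unpack("!BB", data[:2])
    if atype != 26 or alen != len(data) or alen < 6:
        raise ValueError("not a well-formed Vendor-Specific attribute")
    vendor_id = struct.unpack("!I", data[2:6])[0]
    subs, pos = [], 6
    while pos < alen:
        if pos + 2 > alen:
            raise ValueError("truncated vendor sub-attribute header")
        vtype, vlen = struct.unpack("!BB", data[pos:pos + 2])
        if vlen < 2 or pos + vlen > alen:
            raise ValueError("vendor sub-attribute length out of range")
        subs.append((vtype, data[pos + 2:pos + vlen]))
        pos += vlen
    return vendor_id, subs


def read_write_all_vsa():
    """Build the read-write-all attribute from the post: 9 = "All",
    41 and 42 = 32-bit masks of 0xFFFFFFFF (constructed example values)."""
    return encode_vsa(ALCATEL_VENDOR_ID, [
        (9, b"All"),
        (41, struct.pack("!I", 0xFFFFFFFF)),
        (42, struct.pack("!I", 0xFFFFFFFF)),
    ])


def mask_from_bits(bits):
    """Turn a list of bit positions (0-31) into the 32-bit hex mask format the
    switch expects for 41/42. Which bit means which command family is what the
    switch's Family Bitmap Calculator tells you; this helper only packs bits."""
    mask = 0
    for b in bits:
        if not 0 <= b <= 31:
            raise ValueError("bit position must be 0..31")
        mask |= 1 << b
    return "%08X" % mask


if __name__ == "__main__":
    raw = read_write_all_vsa()
    print(raw.hex())
    print(decode_vsa(raw))
    print(mask_from_bits([0, 1, 5]))
```

The attribute comes out as 23 bytes: a 2-byte header, the 4-byte vendor ID, a 5-byte TLV for "All" and two 6-byte TLVs for the masks. If a packet capture from NPS does not match this shape, the VSA is most likely configured under the wrong vendor or as the wrong data type (String vs Hexadecimal).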
-
Whipster
Re: Authenticating with Active Directory
devnull,
Thank you for the help. I was able to get everything working.
If anyone needs a cheat sheet for Authenticated Switch Access with OS6850E and Server 2008R2 (click by click directions), I have it and will send it to you by request. Thanks to everyone posting on all the boards. I found a lot of useful info here.
Re: Authenticating with Active Directory
Whipster wrote: devnull,
Thank you for the help. I was able to get everything working. If anyone needs a cheat sheet for Authenticated Switch Access with OS6850E and Server 2008R2 (click by click directions), I have it and will send it to you by request. Thanks to everyone posting on all the boards. I found a lot of useful info here.
Hi Whipster,
please can you send me the detailed Configuration?
Greetings, Michael
Kind regards
Michael (blupsy)
-
ccano
Re: Authenticating with Active Directory
Whipster, I could use a copy of that cheat sheet as well. Thanks for the help!
-
pdinanno
Re: Authenticating with Active Directory
Hi Whipster,
Could you send me that tip about the 6850 and 2008R2 authentication method? I'm interested too.
Lots of thanks
-
kypatop
Re: Authenticating with Active Directory
Whipster wrote: devnull,
Thank you for the help. I was able to get everything working. If anyone needs a cheat sheet for Authenticated Switch Access with OS6850E and Server 2008R2 (click by click directions), I have it and will send it to you by request. Thanks to everyone posting on all the boards. I found a lot of useful info here.
Hello Whipster,
Could you please send me click by click cheat sheet for Authenticated Switch Access with OS6850E ?
Re: Authenticating with Active Directory
Hello Whipster,
could you please send me a copy of the detailed Configuration as well?
Thanks for the help!
Best regards, Frank
-
Nerdbert
Re: Authenticating with Active Directory
I would really like to have a look at the sheet as well.