Cisco Systems OL-12180-01 manual Configuring an Authentication Prompt, 12-20


Chapter 12 Configuring AAA Servers and User Accounts


Tip: Checking for basic network connectivity to the AAA server may save you time in troubleshooting. To test basic connectivity, click Tools > Ping.

Fields

AAA Server Group—Display only. Shows the AAA server group that the selected AAA server belongs to.

Host—Display only. Shows the hostname of the AAA server you selected.

Authorization—Specifies that ASDM tests authorizing a user with the selected AAA server. If the server type selected does not support authorization, this radio button is not available. For example, the security appliance cannot support authorization with Kerberos servers.

Authentication—Specifies that ASDM tests authenticating a user with the selected AAA server. If the server type selected does not support authentication, this radio button is not available. For example, the security appliance cannot support authentication with LDAP servers.

Username—Specifies the username you want to use to test the AAA server. Make sure the username exists on the AAA server; otherwise, the test will fail.

Password—Specifies the password for the username you entered in the Username field. The Password field is available only for authentication tests. Make sure the password is correct for the username entered; otherwise, the authentication test will fail.

Modes

The following table shows the modes in which this feature is available:

Table columns: Firewall Mode (Routed, Transparent); Security Context (Single; Multiple: Context, System).

1. HTTP Form and Clientless SSL VPN are supported only in single routed mode.

Configuring an Authentication Prompt

The Authentication Prompt pane (Configuration > Device Management > Users/AAA) lets you specify text to display to the user during the AAA authentication challenge process. You can specify the AAA challenge text for HTTP, FTP, and Telnet access through the security appliance when requiring user authentication from TACACS+ or RADIUS servers. This text is primarily for cosmetic purposes and displays above the username and password prompts that users view when logging in.

If the user authentication occurs from Telnet, you can use the User accepted message and User rejected message options to display different status prompts to indicate that the authentication attempt is accepted or rejected by the AAA server.

If the AAA server authenticates the user, the security appliance displays the User accepted message text, if specified, to the user; otherwise it displays the User rejected message text, if specified. Authentication of HTTP and FTP sessions displays only the challenge text at the prompt. The User accepted message and User rejected message text are not displayed.

 

ASDM User Guide

12-20

OL-12180-01
