ASDM User Guide
OL-12180-01
Chapter 12 Configuring AAA Servers and User Accounts
Tip: Checking for basic network connectivity to the AAA server may save you time in troubleshooting. To test basic connectivity, click Tools > Ping.
Fields
AAA Server Group—Display only. Shows the AAA server group that the selected AAA server belongs to.
Host—Display only. Shows the hostname of the AAA server you selected.
Authorization—Specifies that ASDM tests authorizing a user with the selected AAA server. If the server type selected does not support authorization, this radio button is not available. For example, the security appliance cannot support authorization with Kerberos servers.
Authentication—Specifies that ASDM tests authenticating a user with the selected AAA server. If the server type selected does not support authentication, this radio button is not available. For example, the security appliance cannot support authentication with LDAP servers.
Username—Specifies the username you want to use to test the AAA server. Make sure the username exists on the AAA server; otherwise, the test will fail.
Password—Specifies the password for the username you entered in the Username field. The Password field is available only for authentication tests. Make sure the password is correct for the username entered; otherwise, the authentication test will fail.
Modes
The following table shows the modes in which this feature is available:
Configuring an Authentication Prompt
The Authentication Prompt pane (Configuration > Device Management > Users/AAA) lets you specify text to display to the user during the AAA authentication challenge process. You can specify the AAA challenge text for HTTP, FTP, and Telnet access through the security appliance when requiring user authentication from TACACS+ or RADIUS servers. This text is primarily for cosmetic purposes and displays above the username and password prompts that users view when logging in.
If the user authentication occurs from Telnet, you can use the User accepted message and User rejected message options to display different status prompts to indicate that the authentication attempt is accepted or rejected by the AAA server.
If the AAA server authenticates the user, the security appliance displays the User accepted message text, if specified, to the user; otherwise it displays the User rejected message text, if specified. Authentication of HTTP and FTP sessions displays only the challenge text at the prompt. The User accepted message and User rejected message text are not displayed.
Firewall Mode: Routed, Transparent
Security Context: Single, Multiple (Context, System)
••
1
1. HTTP Form and Clientless SSL VPN are supported only in single routed mode.
••