Chapter 12 Configuring AAA Servers and User Accounts

Configuring an Authentication Prompt

Tip: Checking for basic network connectivity to the AAA server may save you time in troubleshooting. To test basic connectivity, click Tools > Ping.

Fields

AAA Server Group—Display only. Shows the AAA server group that the selected AAA server belongs to.

Host—Display only. Shows the hostname of the AAA server you selected.

Authorization—Specifies that ASDM tests authorizing a user with the selected AAA server. If the server type selected does not support authorization, this radio button is not available. For example, the security appliance cannot support authorization with Kerberos servers.

Authentication—Specifies that ASDM tests authenticating a user with the selected AAA server. If the server type selected does not support authentication, this radio button is not available. For example, the security appliance cannot support authentication with LDAP servers.

Username—Specifies the username you want to use to test the AAA server. Make sure the username exists on the AAA server; otherwise, the test will fail.

Password—Specifies the password for the username you entered in the Username field. The Password field is available only for authentication tests. Make sure the password is correct for the username entered; otherwise, the authentication test will fail.

Modes

The following table shows the modes in which this feature is available:

[Table: columns Firewall Mode (Routed, Transparent) and Security Context (Single; Multiple: Context, System); one entry carries footnote 1.]

1. HTTP Form and Clientless SSL VPN are supported only in single routed mode.

Configuring an Authentication Prompt

The Authentication Prompt pane (Configuration > Device Management > Users/AAA) lets you specify text to display to the user during the AAA authentication challenge process. You can specify the AAA challenge text for HTTP, FTP, and Telnet access through the security appliance when requiring user authentication from TACACS+ or RADIUS servers. This text is primarily for cosmetic purposes and displays above the username and password prompts that users view when logging in.

If the user authentication occurs from Telnet, you can use the User accepted message and User rejected message options to display different status prompts to indicate that the authentication attempt is accepted or rejected by the AAA server.

If the AAA server authenticates the user, the security appliance displays the User accepted message text, if specified, to the user; otherwise it displays the User rejected message text, if specified. Authentication of HTTP and FTP sessions displays only the challenge text at the prompt; the User accepted message and User rejected message text are not displayed for those sessions.

ASDM User Guide (Cisco Systems, OL-12180-01)