The RAD-Series AAA server must be configured to use Cisco LEAP. This is
accomplished by modifying the following three RAD-Series configuration files.
/etc/opt/aaa/clients
This file specifies the RADIUS clients that are recognized by the server. Add a line
that specifies the Cisco Network Access Server (NAS) that will be acting as a client
to the RAD-Series server. One must also specify the secret shared between the NAS
and the RAD-Series server. The following is an example configuration:
w03.mydomain.com secret Type=Cisco:NAS
/etc/opt/aaa/users
This file identifies the users that will be authenticating via LEAP. The Authentication
Type must be specified as “Realm”. This will allow all users for a given realm to be
authenticated using LEAP. One must also add “Check-Items” and “Reply-Items”
which define authentication and authorization for the user. The following is an
example configuration:
jane@mydomain.com Authentication-Type=Realm,Password=Janepassword
/etc/opt/aaa/authfile
This file contains a list of realm names and authentication methods for those realms.
For each realm, one must associate the realm name with the LEAP authentication
method. The following is an example configuration:
mydomain.com EAP “Cisco LEAP Realm”
{
EAP-Type CiscoLEAP
}
These configurations will allow the authentication of users with LEAP. For more
information, please see the RAD-P or RAD-E Authentication Guide documentation.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment