Cisco ASA VPN + Openotp RadiusBridge


DNT

Jul 21, 2013, 7:56:19 PM
to rcdevs-t...@googlegroups.com
Hi :) 

Currently I'm using ASA (GNS3) and the RCDevs virtual appliance for testing.
After configuring for a while, I have now created an event-based OTP for a user; login succeeds using LDAP password + OTP password in the testing section of the WebADM portal.

Now I'm trying to use OTP for two-factor authentication with the Cisco ASA VPN solution.
I followed the instructions on your website: port 1812, client.conf...
But when testing on the ASA side, it keeps telling me: Authentication rejected : AAA failure

Please help me! What do I have to do next?

DNT

Jul 21, 2013, 11:04:34 PM
to rcdevs-t...@googlegroups.com
BTW, when I use this command in the WebADM virtual appliance: netstat -naopt
I didn't see port 1812 (for RADIUS authentication, right?)

Administrators

Jul 22, 2013, 4:26:50 AM
to rcdevs-t...@googlegroups.com
RADIUS is under UDP : netstat -naopu

Do you see any request reaching OpenOTP (in /opt/webadm/logs/soapd.log) when you try a login on ASA?
If not, do you see something in /opt/radiusd/logs/requests.log?

DNT

Jul 22, 2013, 4:41:33 AM
to rcdevs-t...@googlegroups.com
Thanks for your reply :)

Please look at my attachments. You're right!

+ netstat -> ports 1812, 1813 are there

After taking a look at those logs, did I misconfigure openotp.conf in the radiusd dir?
I chose password mode number 3 with OTP length. That's all I changed.

Or do I need to configure the default domain? And please tell me where I have to change it.

Thank you
netstat.jpg
radius request log.jpg
soapd log.jpg

Administrators

Jul 22, 2013, 4:48:51 AM
to rcdevs-t...@googlegroups.com
You just need to set your WebADM Domain as Default Domain in the OpenOTP configuration under WebADM Menu -> Applications -> OTP Authentication Server

Nguyễn Tất Đạt

Jul 22, 2013, 4:54:24 AM
to rcdevs-t...@googlegroups.com
I've just ticked the Default Domain section, but there is no option other than Default domain. I'm using Active Directory on Windows 2008 Server,
and I restarted the webadm service but nothing changed?



DNT

Jul 22, 2013, 4:56:49 AM
to rcdevs-t...@googlegroups.com
I've just ticked Default Domain under WebADM Menu -> Applications -> OTP Authentication Server,
but there is nothing other than the Default option?

I've already restarted the webadm service and tested in ASA ASDM again, but it still didn't work.

Administrators

Jul 22, 2013, 5:01:27 AM
to rcdevs-t...@googlegroups.com
You need a Domain in WebADM for your users - It's not the AD domain.
Look at WebADM Admin Doc for details.
You can create a domain in Menu -> Create -> WebADM LDAP Domain

Administrators

Jul 22, 2013, 5:02:53 AM
to rcdevs-t...@googlegroups.com
"Default" is the name of the Domain which was created by default.
You need to enable the checkbox for Default Domain and set "Default" as value in this case...

DNT

Jul 22, 2013, 5:25:14 AM
to rcdevs-t...@googlegroups.com
Thank you so so much! Really appreciate your quick support!
I did it!