RADIUS Authentication;  ASA 5510/5505/PIX 501 "Populate Domain Field of Cisco Login Dialogue Box"

wwakefield
I have successfully set up RADIUS authentication for Cisco VPN users to authenticate against the Windows Server 2003 AD with IAS. Configured on Cisco ASA 5510 but will also field to 5505 and Cisco PIX 501.

Is there a way to automatically populate the DOMAIN field on the Cisco login prompt, which consists of a Cisco dialogue box with fields for USERNAME, PASSWORD, and DOMAIN?

What Cisco login prompt? Do you mean on the VPN Client? Is it the Cisco VPN Client, the AnyConnect client, or something else?

Author

Commented:
Cisco VPN Client version 5x.

After clicking Connect, a Cisco prompt (dialogue box) appears to authenticate against Active Directory. Fields are:

USERNAME
PASSWORD
DOMAIN

-Not a big deal, it is gonna be a hassle with folks remembering the various domains.

Hmmm, in my test environment I am running Cisco VPN Client 5.0.07.0290. When I connect to an ASA 5520 I get a USERNAME AND PASSWORD prompt but no DOMAIN.

You are using IPSec with Group Authentication, right?
Commented:
Not possible.

The most you can do (that I know) is set up the policy on IAS to require the user to be a domain user or something that you could use to determine it's a domain account.

Whatever you type in will be detected as a username even if you put a \ on the username.

Author

Commented:
Thanks for the confirmation!
