Cisco Cisco Firepower Management Center 2000
48-36
FireSIGHT System User Guide
Chapter 48 Managing Users
Managing Authentication Objects
Tip
If you mistype the name or password of the test user, the test fails even if the server configuration is correct. To verify that the server configuration is correct, click Test without entering user information in the Additional Test Parameters field first. If that succeeds, supply a user name and password to test with the specific user.
To test user authentication:
Access: Admin
Step 1
In the User Name and Password fields, type the user name and password for the user whose credentials should be used to validate access to the RADIUS server.
For example, to test whether you can retrieve the jsmith user credentials at our example company, type jsmith.
Step 2
Select Show Details and click Test.
A message appears, either indicating success of the test or detailing what settings are missing or need to be corrected.
Step 3
If the test succeeds, click Save.
The Login Authentication page appears, with the new object listed.
To enable RADIUS authentication using the object on an appliance, you must apply a system policy with that object enabled to the appliance. For more information, see
RADIUS Authentication Object Examples
License: Any
This section provides examples of RADIUS server authentication objects to show how FireSIGHT System RADIUS authentication features can be used. See the following sections for more information:
•
•
Authenticating a User Using RADIUS
License: Any
The following figure illustrates a sample RADIUS login authentication object for a server running FreeRADIUS with an IP address of 10.10.10.98. The connection uses port 1812 for access, and connections to the server time out after 30 seconds of disuse, then retry three times before attempting to connect to a backup authentication server.
This example illustrates important aspects of RADIUS user role configuration:
• Users ewharton and gsand are granted administrative access to FireSIGHT System appliances where this authentication object is enabled.
• The user cbronte is granted Maintenance User access to FireSIGHT System appliances where this authentication object is enabled.
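
The following Python example is added here and is not taken from the Cisco guide or the FireSIGHT software. It shows what a RADIUS client does with the connection settings in this example (server 10.10.10.98, port 1812, 30-second timeout, three retries, then the backup server), including the check that a reply really comes from a server holding the shared secret. Assumptions: the backup host name is a placeholder, the shared secret is supplied by the caller, and "retry three times" is read as one first attempt plus three retries.

```python
import hashlib, hmac, os, socket, struct

PRIMARY = ("10.10.10.98", 1812)            # server and port from the example above
BACKUP = ("backup.example.invalid", 1812)  # placeholder: the page names no backup host
TIMEOUT_S, RETRIES = 30, 3                 # timeout and retry count from the example

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def access_request(user, password, secret, ident=1, authenticator=None) -> bytes:
    """Build an Access-Request (code 1) carrying User-Name (1) and User-Password (2)."""
    authenticator = authenticator or os.urandom(16)
    hidden = hide_password(password.encode(), secret, authenticator)
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v
                     for t, v in ((1, user.encode()), (2, hidden)))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def reply_is_authentic(reply: bytes, request: bytes, secret: bytes) -> bool:
    """Response Authenticator = MD5(code, id, length, request auth, attrs, secret)."""
    if len(reply) < 20 or reply[1] != request[1]:
        return False
    expect = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return hmac.compare_digest(expect, reply[4:20])

def udp_exchange(server, packet, timeout):
    """Send one datagram and wait for one reply; raises OSError on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(packet, server)
        return s.recvfrom(4096)[0]

def authenticate(packet, secret, servers=(PRIMARY, BACKUP), exchange=udp_exchange):
    """Return (server, reply code) from the first server that answers authentically."""
    for server in servers:
        for _ in range(1 + RETRIES):  # assumption: first attempt plus three retries
            try:
                reply = exchange(server, packet, TIMEOUT_S)
            except OSError:           # timeout or unreachable: retry, then fail over
                continue
            if reply_is_authentic(reply, packet, secret):
                return server, reply[0]  # 2 = Access-Accept, 3 = Access-Reject
    return None, None
```

A reply whose Response Authenticator does not verify is treated like a timeout, so a wrong shared secret on either side shows up as a connection failure rather than as a rejected user.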