Watching the "User Management" episode from "FirePOWER with Advanced FireSIGHT Administration" and had a question about a comment Todd made. At 14:38 "The other option under here is radius.You can use radius.I highly don't think you should do that."
This is from a segment discussing User Management for the FMC under the "System/Users/External Authentication" tab.
I'm working on migration from a 5505 to 5506. Wouldn't RADIUS be better? Is this no longer the case? I've used RADIUS for the VPNClient. Should I be looking to convert to LDAP with the new AnyConnect?
Our environment is small office w/ local 2012 AD servers and a site-to-site series of redundant servers.
-
Firepower Mgmt Center: RADIUS vs LDAP?
-
Apologies for the delay...
I was hoping to hear from Mr. Lammle himself on this question. I've reached out to him. But I'll asked the other guys here to see if they know of any reason this would be the case and try to see if we can find if this is a logical reason or just a preferential reason for his choice. -
Awesome. Thank you sir.
I've been crash-coursing the RADIUS research and haven't found anything in the negative. I'm beginning to wonder if it was mainly just a matter of brevity for the episode. -
I hope he'll answer my message to him...but I'm not sure either. The only thing that I can even think of is that the whole authentication process with RADIUS is not protected and only the password is encrypted...I wish I could tell you this is what was on Lammle's mind but I'm not sure it was.
-
"...there are issues with radius and external authentication, although it is probably fixed by now for basic auth; I use either AD or TACACS without issue." Thanks for writing, Todd -
Thanks Ronnie. And Todd, by extension.
