ASA 8.0(4) VPN Authorization

Unanswered Question
Sep 10th, 2008

I have configured client-to-gateway VPNs to authenticate with AD using Kerberos.

What I am trying to do is get LDAP authorization to only allow members of a certain OU to log in. Is this possible by setting the DN to look at one folder and only allow one level on the server configuration on the ASA?

Premdeep Banga Wed, 09/10/2008 - 09:27

Try something like this,

aaa-server LDAP-AUTHO protocol ldap
aaa-server LDAP-AUTHO (inside) host
 ldap-base-dn DC=TEST,DC=COM
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *
 ldap-login-dn CN=admin,CN=Users,DC=TEST,DC=COM
 server-type microsoft
 ldap-attribute-map AD-map

ldap attribute-map AD-map
 map-name memberOf Tunnel-Group-Lock
 map-value memberOf CN=CiscoVPN,CN=Users,DC=TEST,DC=COM

tunnel-group general-attributes
 authorization-server-group LDAP-AUTHO

Regards,

Prem

Please rate if it helps!
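Added example (not from the thread or from Cisco) that models the two ways of limiting VPN logins discussed above: searching under a base DN with `ldap-scope onelevel` versus `subtree`, and gating on a `memberOf` value as the attribute map does. The directory entries, user names and group DN below are constructed sample data.

```python
# Emulates an ASA-style LDAP authorization lookup against an in-memory directory.
# DN matching is simplified: case-insensitive RDNs, no handling of escaped commas.

def dn_rdns(dn):
    """Split a DN into normalised RDN strings, most specific first."""
    return [part.strip().lower() for part in dn.split(",")]

def in_scope(entry_dn, base_dn, scope):
    """True if entry_dn lies under base_dn for the given ldap-scope.
    'onelevel' = direct children only; 'subtree' = any depth below the base."""
    e, b = dn_rdns(entry_dn), dn_rdns(base_dn)
    if len(e) <= len(b) or e[-len(b):] != b:
        return False                      # outside the base (or the base itself)
    depth = len(e) - len(b)
    return depth == 1 if scope == "onelevel" else scope == "subtree"

# Constructed sample directory: bob sits in a nested OU, carol outside the VPN OU.
DIRECTORY = {
    "CN=alice,OU=VPNUsers,DC=TEST,DC=COM":
        {"sAMAccountName": "alice", "memberOf": ["CN=CiscoVPN,CN=Users,DC=TEST,DC=COM"]},
    "CN=bob,OU=Contractors,OU=VPNUsers,DC=TEST,DC=COM":
        {"sAMAccountName": "bob", "memberOf": []},
    "CN=carol,CN=Users,DC=TEST,DC=COM":
        {"sAMAccountName": "carol", "memberOf": ["CN=CiscoVPN,CN=Users,DC=TEST,DC=COM"]},
}

def find_user(directory, login, base_dn, scope, naming_attr="sAMAccountName"):
    """Search base_dn with the given scope for an entry whose naming attribute matches."""
    for dn, attrs in directory.items():
        if in_scope(dn, base_dn, scope) and attrs.get(naming_attr) == login:
            return dn, attrs
    return None

def authorize(directory, login, base_dn, scope, required_group=None):
    """Authorize when the user is found under base_dn/scope and, if required_group
    (the memberOf map-value) is given, that DN appears in the user's memberOf.
    Note: memberOf lists direct group membership only; nested groups are not expanded."""
    hit = find_user(directory, login, base_dn, scope)
    if hit is None:
        return False
    _, attrs = hit
    if required_group is None:
        return True
    return any(g.lower() == required_group.lower() for g in attrs["memberOf"])
```

Restricting by OU alone with `onelevel` excludes users in sub-OUs, whereas the group-based map admits any member of the group wherever their account lives.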
