I've run into the issue when trying to reproduce this scheme (http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00809a3fa5.shtml , PIX/ASA 8.x: CAC - SmartCards Authentication for Cisco VPN Client) via the CSM interface.
ASDM works great but when trying to use CSM I can't find the neccessary DN field under the "Distinguished Name (DN) Authorization Setting" of the AAA tab of the connection profile.
In ASDM I usually choose UPN (User principal name) and ASA sends "[email protected]" to the MS AD server and it works great. Neither atttribute works the same way, so the only attribute I can use for the "SmartLogon" certificate is UPN.
But CSM doesn't have this field in this tab!
So the qustion is - how can I send the right DN field from the User's SmartLogon certificate (MS CA, bound to the AD account) via CSM?
p.s. Sorry for the description - it may seem rather "unclear", I suppose.