I have a Cisco ASA5520 and have configured it to authenticate against AD using a win2008 box running Network policy server.
In ASDM I can test the auth and it works.
In ASDM->Device Management->AAA Access I can set which auth group I use to auth a user for enable, Telnet, SSH, ASDM/HTTP. When I set SSH to auth using the AD auth group that I created, it works fine... so I know the authentication is working.
Trouble is, it doesn't seem to work for a user authenticating with AnyConnect VPN. I don't seem to be able to find how I tell the ASA to use my AD auth group and not the LOCAL auth group to authenticate VPN users.
Any help is greatly appreciated.
But you're probably landing on the DefaultWEBVPNGroup, so change the authentication to be your LDAP/NTLM AAA server group there and see if the behavior changes.
By default, SSL connectivity uses the DefaultWEBVPNGroup tunnel-group/connection profile. If you don't want to use that profile/tunnel-group, you have to use either aliases or group-urls to get it to land on a different one:
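The two approaches described in the replies above, sketched as an ASA CLI fragment. This is an added example and not part of the original posts: the AAA server group name `AD_AUTH`, the connection profile name `STAFF-VPN`, the alias `Staff` and the URL `https://vpn.example.com/staff` are placeholders, and `AD_AUTH` is assumed to be the already-working server group used for SSH.

```cisco
! Added example; AD_AUTH, STAFF-VPN, Staff and vpn.example.com are placeholders.
!
! Option 1: keep landing on the default SSL VPN connection profile,
! but authenticate against the AD-backed AAA server group instead of LOCAL.
tunnel-group DefaultWEBVPNGroup general-attributes
 authentication-server-group AD_AUTH
!
! Option 2: a dedicated connection profile that users reach through
! a group alias (drop-down on the login page) or a group URL.
tunnel-group STAFF-VPN type remote-access
tunnel-group STAFF-VPN general-attributes
 authentication-server-group AD_AUTH
tunnel-group STAFF-VPN webvpn-attributes
 group-alias Staff enable
 group-url https://vpn.example.com/staff enable
!
! The alias drop-down is only shown when the tunnel-group list is enabled.
webvpn
 tunnel-group-list enable
```

Appending `LOCAL` to the `authentication-server-group` line enables fallback to the local user database when the AAA servers are unreachable, so any local accounts left on the ASA become valid VPN logins in that situation and should be reviewed before enabling it.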