VPN Site to client with LDAP Authentication

Unanswered Question
Feb 17th, 2012

Hello everyone,

I have a site-to-client VPN and provide this access with LDAP authentication.

But users can authenticate to the VPN without being in the "users_vpn" group in Active Directory.

Only users inside the users_vpn group can authenticate.

The question is, what's wrong in my configuration to permit authentication based on the users_vpn group?


tunnel-group FUNCIONARIOS type remote-access
tunnel-group FUNCIONARIOS general-attributes
 address-pool FUNC-PAN
 authentication-server-group AD_LDAP LOCAL
 default-group-policy FUNCIONARIOS

aaa-server AD_LDAP (inside) host 172.17.2.35
 timeout 300
 ldap-base-dn DC=domain,DC=com,DC=br
 ldap-group-base-dn CN=USERS_VPN,CN=Users,DC=domain,DC=com,DC=br
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn CN=usr_auth_vpn,CN=Users,DC=domain,DC=com,DC=br
 server-type microsoft
 ldap-attribute-map ASAMAP
 group-search-timeout 15

panfw2860#sh run ldap attribute-map ASAMAP
 map-name  memberOf Group-Policy
 map-value memberOf CN=USERS_VPN,CN=Users,DC=domain,DC=com,DC=br USERS_VPN


Thanks a lot,


Rafael Mendes
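The following Python model is an added example, not part of the original post or Cisco's code. It shows how the posted configuration selects a group policy, assuming the usual ASA behavior that an LDAP attribute map only picks a group policy and that a user matching no map-value inherits the tunnel group's default-group-policy. The NOACCESS policy, the vpn-simultaneous-logins values and the sample user DNs are constructed for illustration.

```python
# Lines taken from the post ("ldap attribute-map ASAMAP" is implied by the show command).
POSTED = """\
tunnel-group FUNCIONARIOS general-attributes
 default-group-policy FUNCIONARIOS
ldap attribute-map ASAMAP
 map-value memberOf CN=USERS_VPN,CN=Users,DC=domain,DC=com,DC=br USERS_VPN
"""
# Constructed variant: NOACCESS and the login limits are assumptions, not from the post.
HARDENED = POSTED.replace("default-group-policy FUNCIONARIOS",
                          "default-group-policy NOACCESS") + """\
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
group-policy USERS_VPN attributes
 vpn-simultaneous-logins 3
"""
VPN_DN = "CN=USERS_VPN,CN=Users,DC=domain,DC=com,DC=br"


def parse(cfg):
    """Return (default policy per tunnel-group, memberOf DN -> policy, policies with 0 logins)."""
    defaults, mapping, denied = {}, {}, set()
    section = [""]
    for line in cfg.splitlines():
        words = line.split()
        if not words:
            continue
        if not line.startswith(" "):
            section = words  # a top-level line opens a new config section
        elif section[0] == "tunnel-group" and words[0] == "default-group-policy":
            defaults[section[1]] = words[1]
        elif section[:2] == ["ldap", "attribute-map"] and words[:2] == ["map-value", "memberOf"]:
            mapping[words[2]] = words[3]
        elif section[0] == "group-policy" and words == ["vpn-simultaneous-logins", "0"]:
            denied.add(section[1])
    return defaults, mapping, denied


def decide(cfg, tunnel_group, member_of):
    """Model policy selection for a user whose LDAP bind already succeeded."""
    defaults, mapping, denied = parse(cfg)
    # The map only picks a policy; with no match the tunnel-group default applies.
    policy = next((mapping[dn] for dn in member_of if dn in mapping), defaults[tunnel_group])
    return policy, policy not in denied
```

With the posted lines, a user outside USERS_VPN lands on FUNCIONARIOS and is still admitted; in the constructed variant the same user lands on a default policy that allows zero logins.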
