02-07-2014 10:56 AM
I have an ASA 5520, and we are undergoing an audit. Is there a way to view a list of users/accounts? I am tasked with reporting all users who's credentials will login to the ASA. All such users are in Active Directory, but I was advised that the "anyconnect group" is a catch-all group that will not be accurrate.
Solved! Go to Solution.
02-08-2014 11:53 PM
Hi Burgessf,
To view all user accounts locally created on ASA , go to ASDM--->Device Management--->Configuration-->Users/AAA-----> User Accounts.
Also if Active Directory is integrated for user authentication, then see which OU is specified under base DN attributes. ASA can query only that OU for user authentication.
Device Management-->Configuration----->AAA server Group--->Servers in the selected Group--->Select AD server------>Edit----> Base DN----->OU= what ever OU specified there.
All users specified in that OU can login to the device but they may have different level of authorization.
02-08-2014 11:53 PM
Hi Burgessf,
To view all user accounts locally created on ASA , go to ASDM--->Device Management--->Configuration-->Users/AAA-----> User Accounts.
Also if Active Directory is integrated for user authentication, then see which OU is specified under base DN attributes. ASA can query only that OU for user authentication.
Device Management-->Configuration----->AAA server Group--->Servers in the selected Group--->Select AD server------>Edit----> Base DN----->OU= what ever OU specified there.
All users specified in that OU can login to the device but they may have different level of authorization.
02-11-2014 06:53 AM
Poonam,
Thank you, your advice helped me greatly.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: