Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA 8.0(4) VPN Authorization

I have configured client to gateway VPN's to authenticate with AD using Kerberos.

What I am trying to do is get LDAP authorization to only allow members of a certain OU to log in. Is this possible by setting the DN to look at one folder and only allow one level on the server configuration on the ASA?

2 REPLIES

Re: ASA 8.0(4) VPN Authorization

Try something like this,

aaa-server LDAP-AUTHO protocol ldap

aaa-server LDAP-AUTHO (inside) host

ldap-base-dn DC=TEST,DC=COM

ldap-scope subtree

ldap-naming-attribute sAMAccountName

ldap-login-password *

ldap-login-dn CN=admin,CN=Users,DC=TEST,DC=COM

server-type microsoft

ldap-attribute-map AD-map

ldap attribute-map AD-map

map-name memberOf Tunnel-Group-Lock

map-value memberOf CN=CiscoVPN,CN=Users,DC=TEST,DC=COM

tunnel-group general-attributes

authorization-server-group LDAP-AUTHO

Regards,

Prem

Please rate if it helps!

New Member

Re: ASA 8.0(4) VPN Authorization

Thanks! The piece I am missing is the attribute map. I will try and let you know.

419
Views
5
Helpful
2
Replies