Group policy map with LDAP attribute, Radius Auth.

danhed7400
Level 1

Hi.

I have a working ASA5510 setup.

Today remote users connect to the internal net with Cisco AnyConnect. Users are authenticated based on group membership in AD (using an LDAP connection from the ASA to the DC). VPN group policies are mapped to users with LDAP attributes, checking AD group membership.

I'm in the process of implementing Vasco security tokens. The communication between the ASA and the Vasco Identikey server goes through a RADIUS server.

So my question is: is it possible to still map users to VPN group policies using LDAP attributes when users validate to a RADIUS server?

1 Reply

Herbert Baerten
Cisco Employee

Hi Dan,

Yes, you can do double authentication (user enters username, token and AD password), or you can do RADIUS authentication and LDAP authorization (user enters username & token; after RADIUS authentication the ASA then does an LDAP lookup (not an authentication) to get the attributes).

For a more complete answer see the answer to Pavel's question in this thread:

https://supportforums.cisco.com/message/3510246

hth

Herbert
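
The RADIUS authentication plus LDAP authorization option from the reply above, sketched as an ASA configuration. This is an added example, not part of the original posts or Cisco's own text; every server-group, policy and tunnel-group name, address, DN and secret is a placeholder, and it assumes the username sent to RADIUS matches the AD sAMAccountName.

```cisco
! Constructed example: all names, addresses, DNs and secrets are placeholders.
!
! RADIUS server group in front of the token server (authentication only)
aaa-server RADIUS_TOKEN protocol radius
aaa-server RADIUS_TOKEN (inside) host 192.0.2.10
 key <radius-shared-secret>
!
! Map AD group membership to an ASA group policy
! (assumption: some older releases use IETF-Radius-Class instead of Group-Policy)
ldap attribute-map AD_GROUP_MAP
 map-name memberOf Group-Policy
 map-value memberOf "CN=VPN-Staff,OU=Groups,DC=example,DC=com" GP_STAFF
!
! LDAP server group used only for the attribute lookup (authorization)
aaa-server LDAP_AD protocol ldap
aaa-server LDAP_AD (inside) host 192.0.2.20
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-lookup,OU=Service,DC=example,DC=com
 ldap-login-password <bind-password>
 server-type microsoft
 ldap-attribute-map AD_GROUP_MAP
!
! Fallback policy for users who match no mapped AD group: no sessions allowed
group-policy GP_NOACCESS internal
group-policy GP_NOACCESS attributes
 vpn-simultaneous-logins 0
!
! Policy handed out through the attribute map
group-policy GP_STAFF internal
group-policy GP_STAFF attributes
 vpn-simultaneous-logins 3
!
! Tunnel group: token check via RADIUS, then LDAP lookup for the group policy
tunnel-group ANYCONNECT_TG type remote-access
tunnel-group ANYCONNECT_TG general-attributes
 authentication-server-group RADIUS_TOKEN
 authorization-server-group LDAP_AD
 authorization-required
 default-group-policy GP_NOACCESS
```

With `authorization-required` set, a user who passes the token check but cannot be looked up in LDAP is refused, and a user found in LDAP without a mapped group lands in the no-access default policy.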
