New Member

Is it possible to map each user in AAA to the CN field located in the certificate?

Hello,

I am using a certificate for VPN remote access.

Is it possible to map each user in AAA to the CN field located in the certificate?

Thank you for your help.

1 REPLY
New Member

Re: it is possible to map each user in AAA to CN field located i

Hi,

Please see this configuration example.

! Map the AD memberOf attribute to a group policy name
ldap attribute-map memberOf
  map-name  memberOf IETF-Radius-Class
  map-value memberOf CN=VPN,CN=Users,DC=cisco,DC=com CAC-Users

! LDAP server used for authorization lookups
aaa-server LDAP protocol ldap
aaa-server LDAP (outside) host 192.168.250.27
  ldap-base-dn DC=cisco,DC=com
  ldap-scope subtree
  ldap-naming-attribute sAMAccountName
  ldap-login-password *
  ldap-login-dn CN=asaldap,CN=Users,DC=cisco,DC=com
  server-type microsoft
  ldap-attribute-map memberOf

! The username for LDAP authorization is taken from the certificate CN
tunnel-group vpnclient type remote-access
tunnel-group vpnclient general-attributes
  address-pool VPN
  authorization-server-group LDAP
  authorization-required
  username-from-certificate CN
tunnel-group vpnclient ipsec-attributes
  trust-point LDAP
  isakmp ikev1-user-authentication none

! Group policy applied to users matched by the map-value above
group-policy CAC-Users internal
group-policy CAC-Users attributes
  dns-server value 192.168.250.27
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value split

If you have any questions, let me know.

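The lookup flow that the configuration in the reply sets up, modelled as an added Python example (not part of the original reply and not Cisco's implementation): the CN is taken from the certificate subject, looked up by sAMAccountName, and memberOf is mapped to a group policy. The directory entries, the function names, the single-CN rule and the exact-string DN comparison are assumptions of this model.

```python
import re

# Values from the configuration in the reply above.
NAMING_ATTR = "sAMAccountName"                                   # ldap-naming-attribute
MAP_VALUES = {"CN=VPN,CN=Users,DC=cisco,DC=com": "CAC-Users"}    # map-value

# Constructed sample directory (hypothetical users), keyed by sAMAccountName.
DIRECTORY = {
    "jdoe": {"memberOf": ["CN=VPN,CN=Users,DC=cisco,DC=com"]},
    "asmith": {"memberOf": ["CN=Sales,CN=Users,DC=cisco,DC=com"]},
}

def cn_from_subject(subject):
    """Return the CN of a subject DN string; None unless exactly one CN exists."""
    cns = []
    for rdn in re.split(r"(?<!\\),", subject):       # split on unescaped commas
        attr, _, value = rdn.strip().partition("=")
        if attr.strip().upper() == "CN":
            cns.append(re.sub(r"\\(.)", r"\1", value.strip()))
    return cns[0] if len(cns) == 1 else None

def search_filter(username):
    """Build the LDAP search filter, escaping metacharacters per RFC 4515."""
    esc = "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in username)
    return "(%s=%s)" % (NAMING_ATTR, esc)

def group_policy(member_of):
    """Return the policy mapped from the first matching memberOf DN."""
    for dn in member_of:
        if dn in MAP_VALUES:          # exact string comparison (model assumption)
            return MAP_VALUES[dn]
    return None

def authorize(subject, directory=DIRECTORY):
    """Return (allowed, mapped_policy) for a certificate subject."""
    cn = cn_from_subject(subject)
    entry = directory.get(cn.lower()) if cn else None
    if entry is None:
        return (False, None)      # authorization-required: no record, no tunnel
    # mapped_policy None means no map-value matched; the tunnel-group's
    # default group policy would apply instead of CAC-Users.
    return (True, group_policy(entry["memberOf"]))

if __name__ == "__main__":
    for subj in ("CN=jdoe,OU=People,DC=cisco,DC=com", "CN=asmith,DC=cisco,DC=com"):
        print(subj, search_filter(cn_from_subject(subj)), authorize(subj))
```

A user who has an LDAP record but is not in the VPN group is still authorized in this model and only misses the CAC-Users mapping, so the tunnel-group's default group policy decides what that user gets.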