Is the ASA7.1(2) support AD-LDAP authentication?

cjrchoi11
Level 1

Following the ASA 7.1(2) configuration guide: is the ASA device part of the security appliance family and able to support AD-LDAP authentication? If yes, can I have a configuration example?

===

LDAP Authentication

Supported on PIX 7.1.x and the security appliance only. VPN 3000 does not support native LDAP authentication. The LDAP server retrieves and searches for the username and enforces any defined attributes as part of the authorization function.

===

Thanks in advance,

1 Reply

carenas123
Level 5

Yes, it supports it. The following configuration section gives you an idea about configuring the authentication.

Create an aaa-server entry for the LDAP server:

aaa-server LDAP_Author protocol ldap
aaa-server LDAP_Author (private) host 10.86.195.23
 ldap-base-dn ou=people,dc=CorporationXYZ,dc=com
 ldap-scope subtree
 ldap-naming-attribute c
 ldap-login-password mysecret
 ldap-login-dn cn=Administrator,cn=Users,dc=frdevtestad,dc=local

Configure the tunnel-group to use authorization-server-group LDAP and enable authorization-required (meaning successful authorization is needed; the user must exist in the LDAP database):

f1-5# show runn tunnel-group Client
tunnel-group Client type ipsec-ra
tunnel-group Client general-attributes
 address-pool mypool
 authentication-server-group Kerberos
 authorization-server-group LDAP_Author
 authorization-required
tunnel-group Client ipsec-attributes
 pre-shared-key *
f1-5#

Before VPN tunnel establishment, verify that the user is properly configured in the LDAP database. Use the following command to verify:

# test aaa-server authorization LDAP_Author host 10.86.195.23 user
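The reply above wires LDAP in as the authorization server only, with Kerberos doing the authentication. Since the question asks about Active Directory as the authentication source, here is an added example (not part of carenas123's reply or of the Cisco configuration guide) of an AD-backed aaa-server group used for authentication on the same tunnel group. The group name AD_AUTH, the domain controller 10.0.0.5, the domain corp.example.com, the bind account svc-asa-ldap and the user jdoe are made-up values; the server-type and ldap-over-ssl commands are assumed to be present in your ASA release, so confirm them in the 7.1(2) command reference before relying on them. Three points a practitioner will want: for Active Directory the logon name lives in sAMAccountName, so that is the naming attribute; AD does not permit anonymous searches by default, so a bind DN is required, and it should be a dedicated read-only account rather than a domain administrator; and LDAP simple bind sends both the bind password and each VPN user's password in cleartext, so LDAP over SSL on port 636 is enabled.

```cisco
! AD-LDAP authentication for a remote-access tunnel group (added example, not from the original post).
! Assumed values: group AD_AUTH, DC 10.0.0.5, domain corp.example.com, bind account svc-asa-ldap.
! server-type and ldap-over-ssl are assumed available in this release; check the command reference.
aaa-server AD_AUTH protocol ldap
aaa-server AD_AUTH (inside) host 10.0.0.5
 server-port 636
 ldap-over-ssl enable
 ldap-base-dn dc=corp,dc=example,dc=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn cn=svc-asa-ldap,ou=ServiceAccounts,dc=corp,dc=example,dc=com
 ldap-login-password <bind-password>
 server-type microsoft
!
! Point the tunnel group's authentication at AD instead of Kerberos.
tunnel-group Client general-attributes
 address-pool mypool
 authentication-server-group AD_AUTH
!
! Exercise the bind, the subtree search and the user's own bind without a VPN client.
test aaa-server authentication AD_AUTH host 10.0.0.5 username jdoe password <user-password>
```

The test command is the check to run first: a failure here isolates a bad bind DN or password, a wrong base DN or naming attribute, or a certificate problem on port 636 before any IPsec or client settings are involved. If the test passes but the VPN login still fails, the problem is on the tunnel-group side rather than in the LDAP configuration.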
