ASA v7.2.2 AAA Authentication and Authorization

m.hoeschen
Level 1

Hello,

I've got an ASA on which I terminate several VPN tunnels (e.g. Cisco Client VPN). Now I want to change the Authentication and Authorization:

- Authentication should be provided via a RADIUS connection to an RSA server (this works fine)

- Authorization should be provided by querying Windows AD group membership via an LDAP connection. The user should only be able to log in if he is a member of a certain AD group.

And here's my problem: I can configure an LDAP connection but I can't search for group membership... The next thing is that the authorization tab (tunnel group) is always empty...

Is there a way to do this??

Thank you very much for your help!

Best regards,

Markus

1 Reply

5220
Level 4

"Authorization should be provided by querying Windows AD group membership via an LDAP connection. The user should only be able to log in if he is a member of a certain AD group."

This is more like authentication than authorization to me.

Try using a CSA and if needed, link it to LDAP.

Authorization will specify what commands/type of access will be provided AFTER USER IS AUTHENTICATED.

Please rate if this helped.

Regards,

Daniel