New Member

Clientless SSL authentication with LDAP

Hello

I'm not clear about 2 things with SSL VPN and Active Directory.

1. Attributes Values & Names

I configured SSL Clientless VPN. It is working fine with LOCAL authentication on ASA 8.4.

I created an LDAP (Active Directory) server. I tested and passed the connection with the AD server.

I use in Attribute Name

MemberOF (LDAP Name) and Group-Policy (replaces IETF-Radius-Class) for the Cisco name

But I'm not sure about the LDAP MAP. I don't know which value is the correct one for "Mapping of attribute Value".

CN=XXXXXXX,,DC=XXXXX,DC=COM for LDAP Attribute

For the Cisco value I use the group policy name.

In the connection profile's authentication method, I specify the AD server I created and tested.

2. Selecting LDAP Authentication method

When accessing the SSL VPN portal I tried to authenticate with an Active Directory user (which is different from the LOCAL user) and I receive

"3          Dec 26 2011          12:21:08          113015                                                  AAA user authentication Rejected : reason = Invalid password : local database : user = XXXXXX"

The authentication is still local even though I selected the LDAP server.

Thanks

2 REPLIES
Hall of Fame Super Silver

Re: Clientless SSL authentication with LDAP

Your problem sounds very similar to one addressed in the recent Ask The Expert thread. Please have a look at the first issue posted in that thread here. Hope this helps.

New Member

Re: Clientless SSL authentication with LDAP

Thanks!

I tried and it is working.

For problem no. 2, it was a line in the tunnel-group with the local server. This line does not appear in ASDM.

I will test with the vpn groups, but I think that it will work.
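Both issues in this thread can be checked from the CLI running-config rather than ASDM. The script below is an added example, not code from the thread or from Cisco: it flags any tunnel-group line that makes LOCAL the primary authentication server, and any `map-value` entry pointing at a group policy that is not defined. The sample config, its names and DNs are constructed, and the per-interface LOCAL line is an assumption about what the hidden line looked like.

```python
import re
import shlex

# Constructed sample running-config (names, DNs and addresses are invented).
SAMPLE_CONFIG = '''\
ldap attribute-map AD-MAP
 map-name memberOf Group-Policy
 map-value memberOf "CN=VPN-Users,OU=Groups,DC=example,DC=com" GP-VPN
 map-value memberOf "CN=VPN-Admins,OU=Groups,DC=example,DC=com" GP-ADMIN
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (inside) host 192.0.2.10
 ldap-attribute-map AD-MAP
group-policy GP-VPN internal
tunnel-group WEBVPN type remote-access
tunnel-group WEBVPN general-attributes
 authentication-server-group AD-LDAP LOCAL
 authentication-server-group (outside) LOCAL
'''

def blocks(config):
    """Yield (header, [indented sub-lines]) for each top-level config line."""
    header, body = None, []
    for line in config.splitlines():
        if line.startswith(" "):
            body.append(line.strip())
        elif line.strip():
            if header is not None:
                yield header, body
            header, body = line.strip(), []
    if header is not None:
        yield header, body

def audit(config):
    """Return findings as (kind, object name, detail) tuples."""
    findings = []
    parsed = list(blocks(config))
    policies = {h.split()[1] for h, _ in parsed if h.startswith("group-policy ")}
    for header, body in parsed:
        words = header.split()
        if words[:1] == ["tunnel-group"] and words[2:] == ["general-attributes"]:
            for sub in body:
                m = re.match(r"authentication-server-group\s+(\(\S+\)\s+)?(\S+)", sub)
                if m and m.group(2) == "LOCAL":  # LOCAL as primary, not as fallback
                    findings.append(("local-auth", words[1], sub))
        elif words[:2] == ["ldap", "attribute-map"]:
            for sub in body:
                parts = shlex.split(sub)  # keeps the quoted DN as one token
                if parts[:1] == ["map-value"] and len(parts) == 4 and parts[3] not in policies:
                    findings.append(("undefined-group-policy", words[2], parts[3]))
    return findings
```

A trailing `LOCAL` after a server group name is the fallback keyword and is not flagged; only lines where LOCAL is the server group itself are reported.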
