05-04-2010 03:31 PM
I could swear I read somewhere that there was a way to configure the Cisco ACS server (or a RADIUS/LDAP AAA Server) to pass an rdp:// type shortcut to the user's bookmarks when he/she logs into a SSL VPN portal and uses the AAA server to authenticate. So for an example:
Sally is in accounting and so is Bill. Both have SSL VPN access. When Sally logs in to the VPN portal, a shortcut to create a Terminal Server connection to her specific workstation is there in her bookmarks. Same for Bill but Bill has a unique shortcut for his workstation.
Am I dreaming or was there a way to do this?
Thanks.
05-04-2010 04:55 PM
You could do this with an LDAP Attribute map. Create a separate URL-List (bookmarks) for the users and then use a field in AD to map to the Url List.
05-04-2010 05:50 PM
Thanks for the reply! This is something that I had considered -- but it would mean a separate bookmark for each user, no? If you have several hundred users... this could be tedious, not to mention a nightmare to police. I'm actually looking for a way to do this in a more dynamic fashion.
05-04-2010 06:25 PM
Yes that would certainly become unmanageable. Maybe you were thinking of Macro Substitutions - which may work.
5  CSCO_WEBVPN_MACRO1  Set via RADIUS/LDAP vendor-specific attribute
6  CSCO_WEBVPN_MACRO2  Set via RADIUS/LDAP vendor-specific attribute
http://www.cisco.com/en/US/docs/security/asdm/6_1/user/guide/vpn_web.html#wp1160691
05-05-2010 01:25 AM
Certainly worth a second look, but at first glance I don't see how that would work since the substitution would have to be either a hostname or an IP address. I guess if the hostname was based off their username it might work, but that's not the case here.
Is there a way to pass a url list via Radius attributes? Those would be dynamic .. no?