I've recently configured VPN with LDAP to our Windows Server 2012. Within the LDAP attribute map which is assigned to the server group, I have specified the attribute name msNPAllowDialin and this works fine, but I was wondering if I can just add another attribute, "memberOf", to the same map and specify there the specific user group which should have VPN access. Will the user be authenticated if both attributes are true, I mean, if the user has "Allow access" enabled on NAP and belongs to the security group "VPN-Users"?
I've run some tests already and configured the following on my ASA 5510, but for some reason it doesn't work the way I want :) I would like to make sure that only users who belong to the "CN=MyBusiness VPN Users,OU=Security,OU=Groups,OU=MyBusiness,OU=BB Subsidiaries,DC=xxx,DC=corp" group and have NAP set to "Allow access" can authenticate. I removed a user from the MyBusiness VPN Users group but he was still able to authenticate.
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...