Cisco Support Community
VPN Site to client with LDAP Authentication

Hello Everyone,

I have a site-to-client VPN and provide this access with LDAP authentication.

But users can authenticate to the VPN without being in the group "users_vpn" in Active Directory.

Only users inside the users_vpn group should be able to authenticate.

The question is: what is wrong in my configuration, which should permit authentication based on the users_vpn group?

tunnel-group FUNCIONARIOS type remote-access
tunnel-group FUNCIONARIOS general-attributes
 address-pool FUNC-PAN
 authentication-server-group AD_LDAP LOCAL
 default-group-policy FUNCIONARIOS

aaa-server AD_LDAP (inside) host 172.17.2.35
 timeout 300
 ldap-base-dn DC=domain,DC=com,DC=br
 ldap-group-base-dn CN=USERS_VPN,CN=Users,DC=domain,DC=com,DC=br
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn CN=usr_auth_vpn,CN=Users,DC=domain,DC=com,DC=br
 server-type microsoft
 ldap-attribute-map ASAMAP
 group-search-timeout 15

panfw2860#sh run ldap attribute-map ASAMAP
ldap attribute-map ASAMAP
 map-name  memberOf Group-Policy
 map-value memberOf CN=USERS_VPN,CN=Users,DC=domain,DC=com,DC=br USERS_VPN

Thanks a lot,

Rafael Mendes
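Added example, not part of the original post: the pattern Cisco documents for restricting remote-access VPN to one AD group. An LDAP attribute map only assigns a group policy when a memberOf value matches a map-value entry; a user who is not in USERS_VPN produces no match and simply inherits the tunnel-group's default-group-policy. In the posted configuration that default is FUNCIONARIOS, which grants access, so non-members get in. The documented fix is to make the default policy a NOACCESS policy with vpn-simultaneous-logins 0 and to put the real settings in the policy the map assigns. DNs, pool and server names are taken from the post; the NOACCESS name and the login limit in USERS_VPN are assumptions.

```text
! Added example, not the poster's running config.
! Attribute map as posted: memberOf -> Group-Policy. The DN must match the
! memberOf value AD returns for the user exactly.
ldap attribute-map ASAMAP
 map-name  memberOf Group-Policy
 map-value memberOf CN=USERS_VPN,CN=Users,DC=domain,DC=com,DC=br USERS_VPN

! The policy the map assigns to members. It must exist under this exact name;
! if it does not, the ASA ignores the mapping and applies the default policy.
group-policy USERS_VPN internal
group-policy USERS_VPN attributes
 vpn-simultaneous-logins 3
 address-pools value FUNC-PAN

! Default for everyone the map does NOT match: the bind succeeds, but zero
! simultaneous logins means no session is ever established.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0

! Tunnel group: only change is default-group-policy FUNCIONARIOS -> NOACCESS
tunnel-group FUNCIONARIOS type remote-access
tunnel-group FUNCIONARIOS general-attributes
 address-pool FUNC-PAN
 authentication-server-group AD_LDAP LOCAL
 default-group-policy NOACCESS
```

Two checks before relying on this: run `test aaa-server authentication AD_LDAP host 172.17.2.35 username <user> password <pw>` for one member and one non-member, and watch `debug ldap 255` to confirm the member's memberOf attribute is returned and mapped to Group-Policy USERS_VPN while the non-member lands in NOACCESS. The `LOCAL` fallback in authentication-server-group is only used when the LDAP server is unreachable, so it is not the reason non-members are getting in.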
