Solved

I need to create a service account to authenticate against LDAP/AD.  It will be used by a Cisco ASA device.  What rights does the account require?

Posted on 2007-11-19
4
1,178 Views
Last Modified: 2011-09-20
I already created the account.  It is a standard user account at this point and has no dial in rights, since I don’t want anyone to use it for dialing in or VPN into the company.
My question is, does this account require specific rights, or be a member of some specific groups to function?  I assume yes, assistance is appreciated.

Thanks in advance all...
0
Comment
Question by:copio
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 58

Accepted Solution

by:
tigermatt earned 300 total points
ID: 20315239
By default, all user accounts have read access over Active Directory. I don't know what a Cisco ASA device is, but if it just needs to use the account for reading user information, then a standard domain user account with no additional privileges should work in a domain with a standard security set up.

However if you need to edit user information (and possibly validate user passwords, not sure on that one so would have to check) then you will need to give the account Domain Admin privileges. When creating service accounts like this I usually generate a 20 character password with a random password generator and use that for the account, if it will never be logged into you shouldn't really need to be able to type the password in easily like that of the administrator account which is used daily.

-tigermatt
0
 
LVL 48

Assisted Solution

by:Jay_Jay70
Jay_Jay70 earned 200 total points
ID: 20315905
ASA is simply a firewall....any old account should do in this case - you shouldnt need any additional perms
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 20318150
Cheers Jay, didn't know that's what it was. I'm with Jay per my first post, a firewall should only need read permissions therefore a standard domain user account should do.

-tigermatt
0
 

Author Closing Comment

by:copio
ID: 31409983
Thanks gentlemen...
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question