I need to create a service account to authenticate against LDAP/AD. It will be used by a Cisco ASA device. What rights does the account require?

I already created the account.  It is a standard user account at this point and has no dial in rights, since I don’t want anyone to use it for dialing in or VPN into the company.
My question is, does this account require specific rights, or be a member of some specific groups to function?  I assume yes, assistance is appreciated.

Thanks in advance all...
copioAsked:
Who is Participating?
 
tigermattConnect With a Mentor Commented:
By default, all user accounts have read access over Active Directory. I don't know what a Cisco ASA device is, but if it just needs to use the account for reading user information, then a standard domain user account with no additional privileges should work in a domain with a standard security set up.

However if you need to edit user information (and possibly validate user passwords, not sure on that one so would have to check) then you will need to give the account Domain Admin privileges. When creating service accounts like this I usually generate a 20 character password with a random password generator and use that for the account, if it will never be logged into you shouldn't really need to be able to type the password in easily like that of the administrator account which is used daily.

-tigermatt
0
 
Jay_Jay70Connect With a Mentor Commented:
ASA is simply a firewall....any old account should do in this case - you shouldnt need any additional perms
0
 
tigermattCommented:
Cheers Jay, didn't know that's what it was. I'm with Jay per my first post, a firewall should only need read permissions therefore a standard domain user account should do.

-tigermatt
0
 
copioAuthor Commented:
Thanks gentlemen...
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.