Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Configure LDAP

Posted on 2008-06-24
4
2,845 Views
Last Modified: 2009-07-29
I am wanting to use LDAP to authenticate users associated with a security group in AD. I'd prefer the remote users use the Cisco client app on their computers and then be required to authenticate upon attempting to login to the VPN. Any one have any thorough instructions?
0
Comment
Question by:BrettAMair
  • 3
4 Comments
 
LVL 4

Expert Comment

by:fileinster
ID: 21860557
Instead of using LDAP you could use RADIUS. You can install the RADIUS service on a server in your domain and configure the PIX to look at it for authentication. All you have to do in the PIX is set up an AAA group, configure a Radius server IP, and shared secret and then on your VPN group set it to use that specific AAA group.

Is that what you mean?
0
 

Author Comment

by:BrettAMair
ID: 21867435
No, unfortunately it's not. We're going to use the LDAP connector service instead of Radius. Also, it's not a PIX, I only selected that because a PIX is the closest option E-E.com has for the Cisco ASA.

So again, I'm needed to configure my Cisco ASA 5520 to use LDAP for VPN authentication. Any takers?
0
 
LVL 4

Accepted Solution

by:
fileinster earned 500 total points
ID: 21868519
Is it something like this:

aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP host <IP of DC>
  ldap-base-dn DC=yournet,DC=local
  ldap-scope subtree
  ldap-naming-attribute samAccountName
  ldap-login-password <yourpass>
  ldap-login-dn CN=Administrator,CN=users,DC=yournet,DC=local

tunnel-group <groupname> general-attributes
  authentication-server-group AD-LDAP


Does that meet your requirements? However RADIUS is a far better option. Why do you want to use LDAP?
0
 
LVL 4

Expert Comment

by:fileinster
ID: 22019593
Hi,
Did my solution not answer the question? What was missing?
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Manage ASA using outside IP 14 62
Cisco ISE or Windows NPS for RADIUS and 802.1x 2 49
TL-R470T+ and Cisco ASA 2 21
ASA 5505 packet drops 14 43
There are many useful and sometimes not well documented or forgotten IOS or ASA/PIX commands. See IPE article here , there was also one on PacketU and on Cisco Tips & Tricks. Below are my favorites. I give also a few most often used for Cisco IPS an…
This article will cover setting up redundant ISPs for outbound connectivity on an ASA 5510 (although the same should work on the 5520s and up as well).  It’s important to note that this covers outbound connectivity only.  The ASA does not have built…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question