Solved

Configure LDAP

Posted on 2008-06-24
Last Modified: 2009-07-29
I am wanting to use LDAP to authenticate users associated with a security group in AD. I'd prefer the remote users use the Cisco client app on their computers and then be required to authenticate upon attempting to log in to the VPN. Anyone have any thorough instructions?
Question by:BrettAMair

Expert Comment

by:fileinster
Instead of using LDAP you could use RADIUS. You can install the RADIUS service on a server in your domain and configure the PIX to look at it for authentication. All you have to do in the PIX is set up an AAA group, configure a RADIUS server IP and shared secret, and then on your VPN group set it to use that specific AAA group.

Is that what you mean?

Author Comment

by:BrettAMair
No, unfortunately it's not. We're going to use the LDAP connector service instead of RADIUS. Also, it's not a PIX; I only selected that because a PIX is the closest option E-E.com has for the Cisco ASA.

So again, I need to configure my Cisco ASA 5520 to use LDAP for VPN authentication. Any takers?

Accepted Solution

by:fileinster
Is it something like this:

aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP host <IP of DC>
  ldap-base-dn DC=yournet,DC=local
  ldap-scope subtree
  ldap-naming-attribute samAccountName
  ldap-login-password <yourpass>
  ldap-login-dn CN=Administrator,CN=users,DC=yournet,DC=local

tunnel-group <groupname> general-attributes
  authentication-server-group AD-LDAP


Does that meet your requirements? However, RADIUS is a far better option. Why do you want to use LDAP?
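Added example, not part of fileinster's answer: the configuration above authenticates any valid AD account, so this sketch shows one way to limit VPN logins to members of a single AD security group with an LDAP attribute map, while binding with a dedicated low-privilege account over LDAPS. The group VPN-Users, the account svc-asa-ldap, the map name AD-VPN-MAP and the group-policy names are hypothetical placeholders.

```cisco
! Added example; every name below is a hypothetical placeholder.
! Map the AD memberOf attribute onto an ASA group policy.
! ASA 8.2 and later use Group-Policy; earlier releases use IETF-Radius-Class.
ldap attribute-map AD-VPN-MAP
  map-name memberOf Group-Policy
  map-value memberOf "CN=VPN-Users,OU=Groups,DC=yournet,DC=local" VPN-ALLOWED
!
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (inside) host <IP of DC>
  server-type microsoft
  ldap-base-dn DC=yournet,DC=local
  ldap-scope subtree
  ldap-naming-attribute sAMAccountName
  ! Dedicated read-only bind account instead of the domain Administrator.
  ldap-login-dn CN=svc-asa-ldap,OU=ServiceAccounts,DC=yournet,DC=local
  ldap-login-password <yourpass>
  ! LDAPS (TCP 636) keeps the bind password and user credentials off the
  ! wire in clear text; the DC needs a certificate for this to work.
  ldap-over-ssl enable
  ldap-attribute-map AD-VPN-MAP
!
! Default policy for the tunnel group: no sessions allowed.
! Users whose memberOf values match nothing in the map land here.
group-policy NOACCESS internal
group-policy NOACCESS attributes
  vpn-simultaneous-logins 0
!
! Policy assigned to members of VPN-Users by the attribute map.
group-policy VPN-ALLOWED internal
group-policy VPN-ALLOWED attributes
  vpn-simultaneous-logins 3
!
tunnel-group <groupname> general-attributes
  authentication-server-group AD-LDAP
  default-group-policy NOACCESS
```

memberOf lists only direct group membership, so users who belong to VPN-Users through a nested group will fall through to NOACCESS.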

Expert Comment

by:fileinster
Hi,
Did my solution not answer the question? What was missing?