
Active Directory LDAP auth with DHCP reservation

Texas_Billy asked:
Hey experts, I wonder if any of you has done this before:  I want to use Cisco ASA's AAA feature to perform an LDAP query into Active Directory to authenticate SSL VPN clients, AnyConnect Essentials clients, to be exact.  That part is easy enough.

Can I also set a DHCP reservation in the Active Directory so that I can force connecting clients to always get the same IP address? Can we push that out in an LDAP query?  I won't have the MAC address of clients, mind you, and the DCs wouldn't see that information anyway.  If I can't do it using LDAP, can I do it using built-in ISA RADIUS and MS Cert Svcs?

Bear in mind, I'm setting up a separate domain just for this auth. I can set it up with Server 2003 or 2008; I don't have to worry about interoperability with any other application or other function of Windows Server: no Exchange, no local clients, no SQL, no nothing.

But dynamic DNS and hostname resolution is not an option; queries to these connected hosts are going to be made using IP address, no way around it.  --TX

Principal Systems Administrator
Commented:
Not sure if this is it, because I did not read the whole document, but it looks like the closest thing to what you want.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080a7afb2.shtml

eb
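For readers who land here looking for the mechanism, this is an added configuration sketch of one way to hand an AnyConnect user a fixed address from an AD attribute on an ASA; it is not from the thread or the linked Cisco document. It assumes the ASA's LDAP attribute-map feature, an AD domain vpn.example.com reachable on the inside interface at 192.0.2.10, a read-only bind account svc-asa, and a tunnel group named ANYCONNECT-USERS; every name and address is a placeholder.

```cisco
! Added example, not from the thread or the linked Cisco document.
! Assumes: AD domain vpn.example.com at 192.0.2.10 (inside), read-only
! bind account svc-asa, tunnel group ANYCONNECT-USERS. All placeholders.
!
! 1. Map the AD attribute that the ADUC Dial-in tab ("Assign a Static IP
!    Address") writes, msRADIUSFramedIPAddress, onto the ASA attribute
!    that sets a remote-access client's tunnel address. Addresses assigned
!    this way must not overlap any ip local pool used by the same policy.
ldap attribute-map AD-STATIC-IP
  map-name msRADIUSFramedIPAddress IETF-Radius-Framed-IP-Address
!
! 2. AD server group. LDAPS on 636 keeps the bind credentials and the
!    users' passwords off the wire between ASA and DC.
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (inside) host 192.0.2.10
  ldap-base-dn DC=vpn,DC=example,DC=com
  ldap-scope subtree
  ldap-naming-attribute sAMAccountName
  ldap-login-dn CN=svc-asa,CN=Users,DC=vpn,DC=example,DC=com
  ldap-login-password <bind-password-placeholder>
  ldap-over-ssl enable
  server-port 636
  server-type microsoft
  ldap-attribute-map AD-STATIC-IP
!
! 3. Authenticate the AnyConnect tunnel group against that server group.
tunnel-group ANYCONNECT-USERS type remote-access
tunnel-group ANYCONNECT-USERS general-attributes
  authentication-server-group AD-LDAP
  default-group-policy ANYCONNECT-POLICY
```

Before rolling this out, confirm the bind and the mapping with `test aaa-server authentication AD-LDAP host 192.0.2.10 username <user> password <pw>` and, on a test account, `debug ldap 255`, which shows whether the mapped address actually arrives with the user's attributes.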

Author
Commented:
Dude that may well be it.  Let me spend a little time noodling with this and verifying with Cisco that I'm not going to chew up all my memory because we'll have thousands upon thousands of clients coming in.  Will probably take a couple of weeks to get there, but I'll keep you posted on how it works.  Nicely done, thanks.  --TX

Author
Commented:
Good answer, that was what I needed.