WaywardS0n
asked on
Cisco ASA 5520 AD authentication
Successful:
Using the ASA 5520 to successfully authenticate users who are located in an OU below 'Site-B'.
These users are also members of the 'Site-B-VPN-ACCESS' group.
This works just fine.
Failing:
Have users in an OU higher in the AD tree (a different location 'Site-A') but who are members of 'Site-B-VPN-ACCESS' group. These users are not able to authenticate.
I'm not the network guy, I'm the AD guy trying to help the network guy.
I'm thinking that the 5520 is looking in the 'SITE-B-VPN-ACCESS' group and after finding the user then checks 'Site-B' and below for the user to verify the account. If a valid user can be found below 'Site-B' all is good and if the user is in 'Site-A' then the 5520 isn't finding the user and fails.
If that is the issue, what command/attribute do I use to configure the ASA to check the entire AD for a user?
ASKER CERTIFIED SOLUTION
ASKER
Naderz,
I'll get up with the network folks this morning.
Thanks for the assistance.
I'll report back shortly
ASKER
It will be a few days before we get back onto this issue.
I am closing the question and giving credit as I believe that's the issue we'll find.
Thanks again!
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/117641-config-asa-00.html