! Cisco ASA (prompt VLAB-5506) remote-access SSL VPN: two tunnel-groups authenticate
! against the LDAP server group VLAB-DC, and an LDAP attribute map turns the AD
! memberOf value into the group-policy. The show command for this first section is
! not part of the capture (presumably "sh run tunnel-group").
!
! Both tunnel-groups default to NOACCESS. A user who authenticates but matches no
! map-value in VLAB-ATT-MAP therefore lands in a policy with
! vpn-simultaneous-logins 0 and gets no session.
tunnel-group RA-VPN type remote-access
tunnel-group RA-VPN general-attributes
 address-pool RA-POOL
! LOCAL after the server group adds the ASA's local user database as a fallback for
! when VLAB-DC is unavailable; RA-VPN2 has no such fallback. Local usernames are not
! shown in this capture - review them, since they are accepted on this tunnel-group
! whenever the fallback applies.
 authentication-server-group VLAB-DC LOCAL
 default-group-policy NOACCESS
tunnel-group RA-VPN webvpn-attributes
 group-alias RA-VPN enable
tunnel-group RA-VPN2 type remote-access
tunnel-group RA-VPN2 general-attributes
 address-pool RA-VPN2-POOL
 authentication-server-group VLAB-DC
 default-group-policy NOACCESS
tunnel-group RA-VPN2 webvpn-attributes
 group-alias RA-VPN2 enable
! NOTE(review): both tunnel-groups use the same server group and attribute map, so
! the policy follows AD group membership rather than the alias the user picks; the
! alias only changes the address pool. No group-lock appears in the policies shown -
! confirm whether any alias / policy combination is acceptable.
!
! The repeated partial prompts below look like tab-completion echoes.
VLAB-5506# sh run gr
VLAB-5506# sh run group-po
VLAB-5506# sh run group-policy
! Deny-by-default policy: zero simultaneous logins means no VPN session is allowed.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
 vpn-tunnel-protocol ssl-client
! Split tunnel: only networks in ACL "split" (not shown) go through the tunnel.
! All other client traffic leaves directly from the client and is not seen by the ASA.
group-policy GroupPolicy_RA-VPN internal
group-policy GroupPolicy_RA-VPN attributes
 wins-server none
 dns-server value 10.10.10.20
 vpn-simultaneous-logins 3
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split
 default-domain value vlab.com
! Full tunnel (tunnelall). NOTE(review): the split-tunnel-network-list line is
! presumably unused under tunnelall - confirm and remove if it is a leftover.
! dns-server is the public resolver 8.8.8.8 while default-domain is vlab.com, so
! lookups for internal names would presumably go to an external resolver - confirm
! that this is intended.
group-policy GroupPolicy_RA-VPN2 internal
group-policy GroupPolicy_RA-VPN2 attributes
 wins-server none
 dns-server value 8.8.8.8
 vpn-simultaneous-logins 3
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelall
 split-tunnel-network-list value split
 default-domain value vlab.com
VLAB-5506# sh run aaa-ser
VLAB-5506# sh run aaa-server
! LDAP server definition. No ldap-over-ssl line is present, and the test trace at the
! end of this capture shows uri=ldap://10.10.10.20:389 with Simple authentication.
! The bind password and each VPN user's password therefore cross the inside network
! unencrypted. Enabling LDAP over SSL on this host entry (ldap-over-ssl enable, with
! the DC's LDAPS port) closes that gap.
!
! ldap-login-dn is the domain's built-in administrator account. The ASA only searches
! for the user and reads attributes, so a dedicated low-privilege service account
! would limit exposure if this password leaks. show run masks the password as *****.
aaa-server VLAB-DC protocol ldap
aaa-server VLAB-DC (inside) host 10.10.10.20
 ldap-base-dn dc=vlab,dc=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn cn=administrator,cn=Users,dc=vlab,dc=com
 server-type microsoft
 ldap-attribute-map VLAB-ATT-MAP
VLAB-5506# sh run lda
VLAB-5506# sh run ldap att
VLAB-5506# sh run ldap attribute-map
! Maps the AD memberOf attribute to the ASA Group-Policy attribute. Each map-value
! is compared against the group's full DN, and the two entries use different OU
! spellings (RA_VPN vs RA-VPN2). A mistyped DN matches nothing and the user falls
! back to NOACCESS, i.e. the failure mode is deny.
! NOTE(review): a user in both AD groups returns two memberOf values but only one
! can select the policy - verify which one wins on this software version. Groups
! reached only through nesting, or as the primary group, are presumably not listed
! in memberOf - confirm against the directory.
ldap attribute-map VLAB-ATT-MAP
 map-name memberof Group-Policy
 map-value memberof CN=RA-GROUP,OU=RA_VPN,DC=vlab,DC=com GroupPolicy_RA-VPN
 map-value memberof CN=RA-VPN2,OU=RA-VPN2,DC=vlab,DC=com GroupPolicy_RA-VPN2
! Credential test against the DC. The username is cut off on the command line
! ("ra$", presumably the CLI scroll marker); the trace shows the account was ray.
! The bracketed lines are LDAP debug output (the command that enabled it is not in
! the capture). The trace confirms the admin bind, the user bind and the retrieved
! memberOf value, which matches the first map-value. No "mapped to" line is visible,
! so confirm the resulting group-policy with a real login. The output lists directory
! attributes (pwdLastSet, badPwdCount, objectSid, ...), so treat saved copies as
! sensitive and turn debugging off afterwards.
VLAB-5506# test aaa-server authentication VLAB-DC host 10.10.10.20 username ra$
INFO: Attempting Authentication test to IP address (10.10.10.20) (timeout: 12 seconds)
[-2147483634] Session Start
[-2147483634] New request Session, context 0x00007f7de2007cc8, reqType = Authentication
[-2147483634] Fiber started
[-2147483634] Creating LDAP context with uri=ldap://10.10.10.20:389
[-2147483634] Connect to LDAP server: ldap://10.10.10.20:389, status = Successful
[-2147483634] supportedLDAPVersion: value = 3
[-2147483634] supportedLDAPVersion: value = 2
[-2147483634] Binding as administrator
[-2147483634] Performing Simple authentication for administrator to 10.10.10.20
[-2147483634] LDAP Search: Base DN = [dc=vlab,dc=com] Filter = [sAMAccountName=ray] Scope = [SUBTREE]
[-2147483634] User DN = [CN=ray,OU=RA_VPN,DC=vlab,DC=com]
[-2147483634] Talking to Active Directory server 10.10.10.20
[-2147483634] Reading password policy for ray, dn:CN=ray,OU=RA_VPN,DC=vlab,DC=com
[-2147483634] Read bad password count 0
[-2147483634] Binding as ray
[-2147483634] Performing Simple authentication for ray to 10.10.10.20
[-2147483634] Processing LDAP response for user ray
[-2147483634] Message (ray):
[-2147483634] Authentication successful for ray to 10.10.10.20
[-2147483634] Retrieved User Attributes:
[-2147483634] objectClass: value = top
[-2147483634] objectClass: value = person
[-2147483634] objectClass: value = organizationalPerson
[-2147483634] objectClass: value = user
[-2147483634] cn: value = ray
[-2147483634] givenName: value = ray
[-2147483634] distinguishedName: value = CN=ray,OU=RA_VPN,DC=vlab,DC=com
[-2147483634] instanceType: value = 4
[-2147483634] whenCreated: value = 20180214012934.0Z
[-2147483634] whenChanged: value = 20180215204457.0Z
[-2147483634] displayName: value = ray
[-2147483634] uSNCreated: value = 16562
[-2147483634] memberOf: value = CN=RA-GROUP,OU=RA_VPN,DC=vlab,DC=com
[-2147483634] uSNChanged: value = 24768
[-2147483634] name: value = ray
[-2147483634] objectGUID: value = ....Q\FE.....y..
[-2147483634] userAccountControl: value = 512
[-2147483634] badPwdCount: value = 0
[-2147483634] codePage: value = 0
[-2147483634] countryCode: value = 0
[-2147483634] badPasswordTime: value = 0
[-2147483634] lastLogoff: value = 0
[-2147483634] lastLogon: value = 0
[-2147483634] pwdLastSet: value = 131630453743779790
[-2147483634] primaryGroupID: value = 513
[-2147483634] objectSid: value = ............+P...@...g.yQ...
[-2147483634] accountExpires: value = 9223372036854775807
[-2147483634] logonCount: value = 0
[-2147483634] sAMAccountName: value = ray
[-2147483634] sAMAccountType: value = 805306368
[-2147483634] userPrincipalName: value = ray@vlab.com
[-2147483634] objectCategory: value = CN=Person,CN=Schema,CN=Configuration,DC=vlab,DC=com
[-2147483634] dSCorePropagationData: value = 16010101000000.0Z
[-2147483634] lastLogonTimestamp: value = 131632010974341589
[-2147483634] Fiber exit Tx=507 bytes Rx=2503 bytes, status=1
[-2147483634] Session End
INFO: Authentication Successful