https://community.cisco.com/t5/network-access-control/rsa-sdi-for-authentication-and-ldap-ad-for-authorization-for-asa/m-p/1275434#M328694 <HTML><HEAD></HEAD><BODY><P>Thanks for the link. However it does not explain how to accomplish this. I have succesfully gotten it to work with using AD for authentication and LDAP for authorization, however not using RSA for authentication and LDAP for authorization. The DAP i setup looks to see if the user is a member of an LDAP group, but the userid it is looking for i am assuming is the RSA UserID, which it will not find on the LDAP server. Is there a way to link a rsa userid with a windows userid?</P></BODY></HTML> Thu, 22 Oct 2009 10:22:25 GMT Brent Catoe 2009-10-22T10:22:25Z https://community.cisco.com/t5/network-access-control/rsa-sdi-for-authentication-and-ldap-ad-for-authorization-for-asa/m-p/1275432#M328675 <P>We currently use RSA for VPN authentication. I have configured and tested LDAP on the ASA. I would like the ASA to query AD via LDAP for the group membership of the user trying to login and will give them a specific Access Policy off of that group. Is there a way to do this when the user is authenticating soley through RSA?</P> Sun, 10 Mar 2019 23:44:42 GMT https://community.cisco.com/t5/network-access-control/rsa-sdi-for-authentication-and-ldap-ad-for-authorization-for-asa/m-p/1275432#M328675 Brent Catoe 2019-03-10T23:44:42Z https://community.cisco.com/t5/network-access-control/rsa-sdi-for-authentication-and-ldap-ad-for-authorization-for-asa/m-p/1275433#M328680 <HTML><HEAD></HEAD><BODY><P>You can do authentication with the RSA Radius server and then do authorization with the LDAP server.</P><P></P><P>Refer to the table details that shows what methods are available for VPN users: </P><P></P><P><A class="jive-link-custom" href="http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080" target="_blank">http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080</A></P><P>60f261.shtml</P><P></P><P></P><P>Regards,</P><P>~JG</P><P></P><P>Do rate helpful posts</P></BODY></HTML> Wed, 21 Oct 2009 18:43:24 GMT https://community.cisco.com/t5/network-access-control/rsa-sdi-for-authentication-and-ldap-ad-for-authorization-for-asa/m-p/1275433#M328680 Jagdeep Gambhir 2009-10-21T18:43:24Z https://community.cisco.com/t5/network-access-control/rsa-sdi-for-authentication-and-ldap-ad-for-authorization-for-asa/m-p/1275434#M328694 <HTML><HEAD></HEAD><BODY><P>Thanks for the link. However it does not explain how to accomplish this. I have succesfully gotten it to work with using AD for authentication and LDAP for authorization, however not using RSA for authentication and LDAP for authorization. The DAP i setup looks to see if the user is a member of an LDAP group, but the userid it is looking for i am assuming is the RSA UserID, which it will not find on the LDAP server. Is there a way to link a rsa userid with a windows userid?</P></BODY></HTML> Thu, 22 Oct 2009 10:22:25 GMT https://community.cisco.com/t5/network-access-control/rsa-sdi-for-authentication-and-ldap-ad-for-authorization-for-asa/m-p/1275434#M328694 Brent Catoe 2009-10-22T10:22:25Z https://community.cisco.com/t5/network-access-control/rsa-sdi-for-authentication-and-ldap-ad-for-authorization-for-asa/m-p/1275435#M328705 <HTML><HEAD></HEAD><BODY><P>The same user id should exist on both database. However password can be different as for Authorization password check is not performed.</P><P></P><P>For example user name "brentcatoe" should be there on both database.</P><P></P><P>If user name is not same, this is not going to work and I don't think there is any way to link or map userid.</P><P></P><P>Regards,</P><P>~JG</P><P></P><P>Do rate helpful posts </P></BODY></HTML> Thu, 22 Oct 2009 16:10:36 GMT https://community.cisco.com/t5/network-access-control/rsa-sdi-for-authentication-and-ldap-ad-for-authorization-for-asa/m-p/1275435#M328705 Jagdeep Gambhir 2009-10-22T16:10:36Z https://community.cisco.com/t5/network-access-control/rsa-sdi-for-authentication-and-ldap-ad-for-authorization-for-asa/m-p/1275436#M328720 <HTML><HEAD></HEAD><BODY><P>Ok, that helps alot, so i need to just make sure that AD and RSA have the same usernames.</P><P></P><P>Thanks for you help</P></BODY></HTML> Thu, 22 Oct 2009 16:12:41 GMT https://community.cisco.com/t5/network-access-control/rsa-sdi-for-authentication-and-ldap-ad-for-authorization-for-asa/m-p/1275436#M328720 Brent Catoe 2009-10-22T16:12:41Z