https://community.cisco.com/t5/network-security/authenticate-with-microsoft-ldap/m-p/1969773#M401614 <HTML><HEAD></HEAD><BODY><P><SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_macro_emoticon" src="https://community.cisco.com/4.5.4/images/tiny_mce3/plugins/jiveemoticons/images/spacer.gif"></SPAN></P><P> <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> By mistake I marked the wrong star forgive me man </P></BODY></HTML> Thu, 06 Sep 2012 08:08:32 GMT Reuven Elkabetz 2012-09-06T08:08:32Z https://community.cisco.com/t5/network-security/authenticate-with-microsoft-ldap/m-p/1969770#M401611 <P>Hi all,</P><P></P><P>I am running ASA ver. 8.2(2)&nbsp; and all users are configured in the ASA. This ASA is uses as a VPN ASA and we are using it for remote access for external users. When a user is logged in, he gets all parameters that are need to continue working from outside, such as, IP, assigned to special group with special permissions and so on. All the parameters that are needed are configured under&nbsp; user attribute. See example below:</P><P></P><P>&nbsp;&nbsp; </P><P>username username1 password xxxxxx == nt-encrypted</P><P>username username1 attributes</P><P>vpn-group-policy Basic</P><P>vpn-access-hours none</P><P>vpn-simultaneous-logins 1</P><P>vpn-idle-timeout 30</P><P>vpn-session-timeout none</P><P>vpn-filter value DDD-Basic</P><P>vpn-tunnel-protocol IPSec </P><P>vpn-framed-ip-address 1.1.1.1 255.255.255.0</P><P>password-storage enable</P><P>group-lock value Basic<SPAN id="mce_marker"> </SPAN></P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P></P><P>Is it possible to live the user attributes as is and to force the users to authenticate via LDAP servers only?</P> Mon, 11 Mar 2019 23:34:49 GMT https://community.cisco.com/t5/network-security/authenticate-with-microsoft-ldap/m-p/1969770#M401611 Reuven Elkabetz 2019-03-11T23:34:49Z https://community.cisco.com/t5/network-security/authenticate-with-microsoft-ldap/m-p/1969771#M401612 <HTML><HEAD></HEAD><BODY><P>Hi Bro</P><P>Yes, this can be done. Please refer to <A _jive_internal="true" href="https://community.cisco.com/thread/2045265">https://supportforums.cisco.com/thread/2045265</A></P><P></P><P></P><P></P><P>P/S: If you think this comment is useful, please do rate them nicely <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P></BODY></HTML> Thu, 26 Jul 2012 16:13:23 GMT https://community.cisco.com/t5/network-security/authenticate-with-microsoft-ldap/m-p/1969771#M401612 Ramraj Sivagnanam Sivajanam 2012-07-26T16:13:23Z https://community.cisco.com/t5/network-security/authenticate-with-microsoft-ldap/m-p/1969772#M401613 <HTML><HEAD></HEAD><BODY><P> Hello Ramraj,</P><P></P><P>Thanks a lot to your reply, sorry for the delay, but now I have a chance to verify again the above issue and according to the debug I triggered in ASA (225) , it is getting the right user and recognize it correct. I had no errors. But I am still getting en error from the VPN client. The error I received is "Secure VPN connection terminated locally by the client. Reason 413: User authentication failed." I also tried to get an IP from AD withput success. Any Idea ?</P><P></P><P>Thanks, a lot,</P><P></P><P>Reuven</P></BODY></HTML> Wed, 05 Sep 2012 06:39:05 GMT https://community.cisco.com/t5/network-security/authenticate-with-microsoft-ldap/m-p/1969772#M401613 Reuven Elkabetz 2012-09-05T06:39:05Z https://community.cisco.com/t5/network-security/authenticate-with-microsoft-ldap/m-p/1969773#M401614 <HTML><HEAD></HEAD><BODY><P><SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_macro_emoticon" src="https://community.cisco.com/4.5.4/images/tiny_mce3/plugins/jiveemoticons/images/spacer.gif"></SPAN></P><P> <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> By mistake I marked the wrong star forgive me man </P></BODY></HTML> Thu, 06 Sep 2012 08:08:32 GMT https://community.cisco.com/t5/network-security/authenticate-with-microsoft-ldap/m-p/1969773#M401614 Reuven Elkabetz 2012-09-06T08:08:32Z https://community.cisco.com/t5/network-security/authenticate-with-microsoft-ldap/m-p/1969774#M401615 <HTML><HEAD></HEAD><BODY><P> Hello Ramraj,</P><P></P><P>Sorry for the delay, but yesterday I had a chance to check again and to test what I configured accroding to the document that you sent me a while ago (:-)). I triggered the debug on the ASA 5520 and everything looks fine. The LDAP server is sending the right information without any error message. In the VPN client when I am trying to login I am receiving the following error message:</P><P></P><P>"Secure VPN connection terminated locally by the client. Reason 413:User authentication failed" . Googled this error message and I found that I need to enable the simultaneous logins to enable. I enabled it but I got the same error message. This configuration is under remote access vpn&gt;group-policies&gt;General&gt;more options.</P><P></P><P>Any idea what could be the reason?</P><P></P><P>Thanks alot ,</P><P></P><P>Reuven</P></BODY></HTML> Wed, 24 Oct 2012 05:49:42 GMT https://community.cisco.com/t5/network-security/authenticate-with-microsoft-ldap/m-p/1969774#M401615 Reuven Elkabetz 2012-10-24T05:49:42Z