topic Re: Ldap Authentication in Network Security

Ldap Authentication

AustinMas — Mon, 11 Mar 2019 20:04:03 GMT

Hi Friends ,

I am new to cisco asa devices . I wanted to know if its possible to use ldap/AD authentication to allow internal users to use INTERNET services .

As in configure different webfilter profiles , and then assign these profiles to different policies and make the policies based on user groups.

Hope i am clear with the requirement .

Thanks,

Austin

Re: Ldap Authentication

PAUL GILBERT ARIAS — Thu, 10 Mar 2011 12:35:40 GMT

You can integrate your AD with the ASA for authentication. I will look for a good link for you

Sent from Cisco Technical Support iPhone App

Re: Ldap Authentication

AustinMas — Fri, 11 Mar 2011 09:49:17 GMT

Thanks Paul ,

waiting for the link

Austin

Re: Ldap Authentication

PAUL GILBERT ARIAS — Fri, 11 Mar 2011 14:13:30 GMT

I am sorry Austin, yesterday was a very busy day.

Here are a couple of links that show how to set the authentication on the ASA. The links are for the ASA but for different uses but you will get the general idea:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c3c45.shtml

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808d1a7c.shtml

If you want to authenticate users when going out to the internet you will need to implement authentication proxy. The following link shows how to do it with tacacs but the idea is the same. You cam combine the links above for the setup of the LDAP server with the authentication proxy:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807349e7.shtml

I hope this helps.

Re: Ldap Authentication

AustinMas — Sat, 02 Apr 2011 07:17:34 GMT

Hi Chris ,

Is some client software needed to be installed in Windows Server inorder to fetch the login details from the server to the ASA .?

Also does this work as a SINGLE SIGN ON feature or will it prompt for username/password each time the browser is opened ?

Please help me with this info .

regards,

Austin

Re: Ldap Authentication

andamani — Sat, 02 Apr 2011 13:49:00 GMT

Hi Austin,

The Login DN has to be your domain admin account. You can install the Ldap Browser softerra inorder to fetch the ldap string or DN of the Domain Admin Account.

Alternately try running the following command on the cmd of the DC.

Dsquery * -filter “<&>” –attr *

The above command will list all the attributes of the domain admin account. Please enter domain admin login name in the blank space of sAMAccountName.

Hope this helps.

Regards,

Anisha

P.S.: please mark this post as answered if you feel your query is resolved. Do rate helpful posts.