topic Re: FTD AD Realm in Network Security

FTD AD Realm

fatalXerror — Fri, 21 Feb 2020 17:27:27 GMT

Hi,

I checked the documentation but I cannot see what I am looking for.

This is about the integration of the FTD to the AD using the Realm, I would like to know what should be the AD service account privileges for the integration to work?

Thanks

Re: FTD AD Realm

Marvin Rhoads — Wed, 04 Sep 2019 17:55:34 GMT

The account must be any Active Directory user with appropriate rights to create a Domain Computer account in the Active Directory domain.

Re: FTD AD Realm

fatalXerror — Wed, 04 Sep 2019 19:01:58 GMT

Hi @Marvin Rhoads , thanks for the feedback.

Do you have any documents for that one? That's the only privilege that I need to set in my service account? Does it include also lookup for the OU and Users?

Thanks

Re: FTD AD Realm

Marvin Rhoads — Wed, 04 Sep 2019 19:25:23 GMT

Here's the reference:

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/create_and_manage_realms.html

As far as I know and have seen it does include those features you mentioned.

I note that those joining privileges are only if you need to use Kerberos for captive portals. Further down in the reference it mentions:

"The distinguished username and password for a user with appropriate access to the user information you want to retrieve.

Note the following:

For Microsoft Active Directory, the user does not need elevated privileges. You can specify any user in the domain."