Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
781
Views
5
Helpful
1
Replies

ASA LDAP Authentication for SSL VPN

angel-moon
Level 3
Level 3

‎05-17-2011 07:59 AM - edited ‎03-10-2019 06:05 PM

Hello everyone,

I am having a problem getting an ASA running 8.3 to authenticate an SSL VPN directly against an LDAP on Windows Server 2003.  I have changed the read access on the Active Directory to allow Annonymous to read it.  I think I am missing something on the ASA config.  I have the Server Group specified with the address of the correct server but nothing else really configured.  Any help is appreciated.  I am attatching a screen shot of where I think I might be missing some information

All replies rated.  Thanks in advance!

Labels:
Preview file
206 KB
0 Helpful
1 Reply 1

Roman Rodichev
Level 7
Level 7

‎05-17-2011 06:07 PM

You need to specify base DN. For Login DN just create a regular user account, something like ciscoldap. Here's the cli config:

aaa-server AD protocol ldap

aaa-server AD (inside) host WINDOWS_DC_SERVER

server-port 3268 (or 389)

ldap-base-dn DC=domain,DC=com

ldap-scope subtree

ldap-naming-attribute sAMAccountName

ldap-login-password

ldap-login-dn CN=ciscoasa,CN=Users,DC=domain,DC=com

server-type microsoft

!

tunnel-group GROUP type remote-access

tunnel-group GROUP general-attributes

authentication-server-group AD

Customers Also Viewed These Support Documents