
Deploy authenticate VPN using LDAP AD (with user group)

ctranminh
Level 1

Hi,

I'm stuck on the configuration of an LDAP server to authenticate VPN users using a group in a Windows domain. I would like to create a group like "vpn-group" in the domain. If someone wants to use the VPN, I just have to add that user to the group "vpn-group" and then I can connect to the company.

Here is my configuration

aaa new-model
!
!
aaa authentication login userauthen local group ldap
aaa authorization network groupauthor local
!

ldap attribute-map map1
 map type sAMAccountName username
!
ldap server server1
 ipv4 192.168.0.5
 attribute map map1
 bind authenticate root-dn cn=administrator,cn=users,dc=test,dc=local password 7 0235114B0E144E621518
 base-dn cn=vpn-group,cn=users,dc=test,dc=local

 

Please advise me.

 

1 Reply

Jan Kamper
Level 1

I got it working by including the AD security group in the search-filter:

 search-filter user-object-type User)(memberOf=CN=vpn-group,OU=Security groups,OU=company,DC=test,DC=local
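
How the search-filter value in the reply limits logins to group members, shown as an added example that is not part of the original posts or of any Cisco code. It assumes the router builds the LDAP filter as `(&(objectclass=<user-object-type>)(sAMAccountName=<username>))`; the directory entries, the users alice and bob, and all function names are constructed for illustration.

```python
import re

# Group DN and user-object-type value taken from the reply above.
GROUP_DN = "CN=vpn-group,OU=Security groups,OU=company,DC=test,DC=local"
OBJECT_TYPE_WITH_GROUP = "User)(memberOf=" + GROUP_DN

# Constructed sample directory: alice is in vpn-group, bob is not.
DIRECTORY = [
    {"samaccountname": ["alice"], "objectclass": ["top", "person", "user"],
     "memberof": [GROUP_DN]},
    {"samaccountname": ["bob"], "objectclass": ["top", "person", "user"],
     "memberof": ["CN=staff,OU=Security groups,OU=company,DC=test,DC=local"]},
]

def escape(value):
    """Escape a user-supplied assertion value as described in RFC 4515."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def compose_filter(object_type, username):
    # Assumption: the configured object type is inserted verbatim into this
    # template, which is why the extra ")(memberOf=..." clause fits inside it.
    return "(&(objectclass=%s)(sAMAccountName=%s))" % (object_type, escape(username))

def clauses(ldap_filter):
    """Split a flat AND filter into (attribute, value) equality tests."""
    m = re.fullmatch(r"\(&((?:\([^()]*\))+)\)", ldap_filter)
    if not m:
        raise ValueError("not a flat AND filter: " + ldap_filter)
    return [tuple(c.split("=", 1)) for c in re.findall(r"\(([^()]*)\)", m.group(1))]

def matches(entry, ldap_filter):
    """True when the entry satisfies every clause (case-insensitive compare)."""
    for attr, value in clauses(ldap_filter):
        want = re.sub(r"\\([0-9a-fA-F]{2})", lambda h: chr(int(h.group(1), 16)), value)
        if want.lower() not in [v.lower() for v in entry.get(attr.lower(), [])]:
            return False
    return True

def allowed(username, object_type):
    """Would a search with this user-object-type find the user at all?"""
    ldap_filter = compose_filter(object_type, username)
    return any(matches(entry, ldap_filter) for entry in DIRECTORY)

if __name__ == "__main__":
    print(compose_filter(OBJECT_TYPE_WITH_GROUP, "alice"))
    for user in ("alice", "bob"):
        print(user, allowed(user, "User"), allowed(user, OBJECT_TYPE_WITH_GROUP))
```

In Active Directory, `memberOf` lists direct group membership only, so a user who belongs to vpn-group through a nested group would not match this filter.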