10-21-2009 07:38 AM - edited 03-10-2019 04:44 PM
We currently use RSA for VPN authentication. I have configured and tested LDAP on the ASA. I would like the ASA to query AD via LDAP for the group membership of the user trying to log in and give them a specific Access Policy off of that group. Is there a way to do this when the user is authenticating solely through RSA?
10-21-2009 11:43 AM
You can do authentication with the RSA RADIUS server and then do authorization with the LDAP server.
Refer to the table details that show what methods are available for VPN users:
http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008060f261.shtml
Regards,
~JG
Do rate helpful posts
10-22-2009 03:22 AM
Thanks for the link. However, it does not explain how to accomplish this. I have successfully gotten it to work using AD for authentication and LDAP for authorization, but not using RSA for authentication and LDAP for authorization. The DAP I set up looks to see if the user is a member of an LDAP group, but the userid it is looking for, I am assuming, is the RSA UserID, which it will not find on the LDAP server. Is there a way to link an RSA userid with a Windows userid?
10-22-2009 09:10 AM
The same user id should exist on both databases. However, the password can be different, as for authorization a password check is not performed.
For example, user name "brentcatoe" should be there on both databases.
If the user name is not the same, this is not going to work, and I don't think there is any way to link or map the userid.
Regards,
~JG
Do rate helpful posts
10-22-2009 09:12 AM
OK, that helps a lot, so I need to just make sure that AD and RSA have the same usernames.
Thanks for your help
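
The split the thread settles on, as an added ASA configuration sketch that is not from any of the posters: the tunnel group authenticates against the RSA RADIUS server and authorizes against AD over LDAP, and the LDAP lookup uses the login name typed at the RSA prompt, which is why the user IDs must match. The server-group names, tunnel-group name, addresses, DNs and secrets are placeholders assumed for illustration.

```cisco
! Added example; all names, addresses, DNs and secrets below are placeholders.

! Authentication: RSA Authentication Manager reached over RADIUS
aaa-server RSA protocol radius
aaa-server RSA (inside) host 192.0.2.10
 key <radius-shared-secret>

! Authorization: Active Directory reached over LDAP
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (inside) host 192.0.2.20
 server-type microsoft
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ! The ASA searches AD for an entry whose sAMAccountName equals the
 ! username entered at login, so the RSA user ID must be identical
 ! to the AD logon name.
 ldap-naming-attribute sAMAccountName
 ! Service account the ASA binds with to run the search. The VPN user's
 ! own AD password is never checked during authorization.
 ldap-login-dn CN=asa-ldap,OU=Service Accounts,DC=example,DC=com
 ldap-login-password <service-account-password>

tunnel-group RA-VPN type remote-access
tunnel-group RA-VPN general-attributes
 authentication-server-group RSA
 authorization-server-group AD-LDAP
 ! Refuse the connection when the LDAP lookup finds no matching user,
 ! so a user with no AD entry cannot connect without group-based policy.
 authorization-required
```

With this in place, the group membership returned by the LDAP lookup is what a DAP record's LDAP group criteria are evaluated against. Give the bind account read-only rights in AD, since its password is stored in the ASA configuration.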