AD groups / LDAP for remote access user authorization

jgolson
Level 1

I'm trying to configure an ASA5540 to use LDAP for remote access user authorization. I am using certificates for authentication, and using the userPrincipalName field from the certificate for authorization purposes. I am trying to set up an LDAP attribute map which will only allow a user to connect to VPN if he/she is a member of a specific group. I haven't been able to get this working. The problem I have run into is that even if a user isn't a member of the group I have defined in the LDAP attribute map, the user will be authorized because the user account exists in AD. Any help would be greatly appreciated.


I know that's an old post, but you can try to set the Simultaneous Logins of the DefaultGroup = 0, so nobody who lands in the Default Group will be able to log in.

HTH

konne
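For readers arriving at this thread, here is an added example (not from either poster) of how the two ideas above fit together on an ASA: an LDAP attribute map that translates a memberOf value into a group-policy, and a default group-policy with vpn-simultaneous-logins 0 so that any AD account that is not in the mapped group is denied even though LDAP authorization itself succeeds. The server address, DNs, group names and policy names are placeholders chosen for the example.

```cisco
! Map the AD memberOf attribute to the ASA Group-Policy attribute.
! Only the DN of the permitted group gets a mapping; every other
! account falls through to the tunnel-group's default group-policy.
ldap attribute-map VPN-AUTHZ
 map-name memberOf Group-Policy
 map-value memberOf "CN=VPN-Users,OU=Groups,DC=example,DC=com" GP-VPN-ALLOWED

! LDAP server used for authorization only; authentication is by certificate.
! userPrincipalName is the naming attribute so the UPN from the certificate
! matches the AD object. Host, base DN and bind account are placeholders.
aaa-server LDAP-SRV protocol ldap
aaa-server LDAP-SRV (inside) host 192.0.2.10
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute userPrincipalName
 ldap-login-dn CN=svc-asa-ldap,OU=Service,DC=example,DC=com
 ldap-login-password PLACEHOLDER
 server-type microsoft
 ldap-attribute-map VPN-AUTHZ

! Catch-all policy: authorization returns this for users with no mapping,
! and zero simultaneous logins means the session is torn down at once.
group-policy GP-NOACCESS internal
group-policy GP-NOACCESS attributes
 vpn-simultaneous-logins 0

! Policy returned only for members of CN=VPN-Users.
group-policy GP-VPN-ALLOWED internal
group-policy GP-VPN-ALLOWED attributes
 vpn-simultaneous-logins 3

! Remote-access tunnel-group: certificate authentication, LDAP authorization,
! UPN taken from the certificate, default policy set to the deny policy.
tunnel-group RA-VPN type remote-access
tunnel-group RA-VPN general-attributes
 authorization-server-group LDAP-SRV
 authorization-required
 username-from-certificate UPN
 default-group-policy GP-NOACCESS
tunnel-group RA-VPN webvpn-attributes
 authentication certificate
```

To confirm which policy a user actually received, check `show vpn-sessiondb` for the session's Group Policy, and `debug ldap 255` during a test login to see the memberOf values the ASA compared against the map (the DN in map-value must match the AD value exactly).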
