AD groups / LDAP for remote access user authorization
02-02-2009 12:24 PM - edited 02-21-2020 03:15 AM
I'm trying to configure an ASA5540 to use LDAP for remote access user authorization. I am using certificates for authentication, and using the userPrincipalName field from the certificate for authorization purposes. I am trying to set up an LDAP attribute map which will only allow a user to connect to VPN if he/she is a member of a specific group. I haven't been able to get this working. The problem I have run into is that even if a user isn't a member of the group I have defined in the LDAP attribute map, the user will be authorized because the user account exists in AD. Any help would be greatly appreciated.
12-04-2009 05:22 AM
I know that's an old post - but you can try to set the Simultaneous Logins of the DefaultGroup = 0, so nobody who gets the Default Group will be able to log in.
HTH
konne
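
A configuration sketch of the approach suggested in the reply above, added here as an example and not taken from either post: users whose `memberOf` value matches the map get a permitting group policy, everyone else falls through to a default policy with zero simultaneous logins. All names, the server address, the DNs and the password placeholder are assumptions; it uses a dedicated `NOACCESS` policy instead of editing the built-in default policy.

```cisco
! Constructed example: names, address and DNs below are placeholders.
! Map the AD memberOf attribute to an ASA group policy.
! (Older ASA releases use IETF-Radius-Class in place of Group-Policy.)
ldap attribute-map VPN-GROUP-MAP
 map-name memberOf Group-Policy
 map-value memberOf "CN=VPN-Users,OU=Groups,DC=example,DC=com" VPN-ALLOW
!
! LDAP server used for authorization; lookup key is userPrincipalName.
aaa-server LDAP-AD protocol ldap
aaa-server LDAP-AD (inside) host 192.0.2.10
 server-type microsoft
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute userPrincipalName
 ldap-login-dn CN=asa-bind,OU=Service,DC=example,DC=com
 ldap-login-password <BIND-PASSWORD-PLACEHOLDER>
 ldap-attribute-map VPN-GROUP-MAP
!
! Fallback policy: anyone not matched by the map lands here and is refused.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
!
! Policy assigned by the attribute map to members of the AD group.
! Set the login count explicitly so it is not inherited as 0.
group-policy VPN-ALLOW internal
group-policy VPN-ALLOW attributes
 vpn-simultaneous-logins 3
!
! Certificate-authenticated tunnel group: authorize against LDAP using
! the UPN from the certificate, and default to the deny policy.
tunnel-group RA-VPN type remote-access
tunnel-group RA-VPN general-attributes
 authorization-server-group LDAP-AD
 authorization-required
 username-from-certificate UPN
 default-group-policy NOACCESS
```

The `map-value` string has to match the full distinguished name that AD returns in `memberOf`; a mismatch leaves the user on the `NOACCESS` policy.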
