
FTD AD Realm

fatalXerror
Level 5

Hi,

I checked the documentation but I cannot see what I am looking for.

This is about the integration of the FTD to the AD using the Realm. I would like to know what the AD service account privileges should be for the integration to work.

Thanks

3 Replies

Marvin Rhoads
Hall of Fame

The account must be any Active Directory user with appropriate rights to create a Domain Computer account in the Active Directory domain. 

Hi @Marvin Rhoads , thanks for the feedback.

Do you have any documents for that one? Is that the only privilege that I need to set in my service account? Does it also include lookup for the OU and Users?

Thanks

Here's the reference:

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/create_and_manage_realms.html

As far as I know and have seen, it does include those features you mentioned.

I note that those joining privileges are only if you need to use Kerberos for captive portals. Further down in the reference it mentions:

"The distinguished username and password for a user with appropriate access to the user information you want to retrieve.

Note the following:

  • For Microsoft Active Directory, the user does not need elevated privileges. You can specify any user in the domain."
