03-10-2011 12:25 AM - edited 03-11-2019 01:04 PM
Hi Friends,
I am new to Cisco ASA devices. I wanted to know if it's possible to use LDAP/AD authentication to allow internal users to use INTERNET services.
As in, configure different webfilter profiles, and then assign these profiles to different policies and make the policies based on user groups.
Hope I am clear with the requirement.
Thanks,
Austin
03-10-2011 04:35 AM
You can integrate your AD with the ASA for authentication. I will look for a good link for you.
03-11-2011 01:49 AM
Thanks Paul,
Waiting for the link.
Austin
03-11-2011 06:13 AM
I am sorry Austin, yesterday was a very busy day.
Here are a couple of links that show how to set the authentication on the ASA. The links are for the ASA but for different uses but you will get the general idea:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c3c45.shtml
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808d1a7c.shtml
If you want to authenticate users when going out to the internet you will need to implement authentication proxy. The following link shows how to do it with TACACS but the idea is the same. You can combine the links above for the setup of the LDAP server with the authentication proxy:
I hope this helps.
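The combination described above (an LDAP AAA server pointing at AD, plus authentication proxy for outbound web traffic), as an added example that is not part of the original posts or the linked Cisco documents. The server-group name, ACL name, interface name, addresses, base DN and bind-account values are constructed placeholders.

```cisco
! Added example; every name, address and DN below is a constructed placeholder.
!
! 1. Define the AD domain controller as an LDAP AAA server.
!    LDAPS (port 636) keeps the bind password and user credentials
!    from crossing the network in clear text.
aaa-server AD_LDAP protocol ldap
aaa-server AD_LDAP (inside) host 192.0.2.10
 server-type microsoft
 ldap-base-dn DC=example,DC=local
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn <DN-of-the-bind-account>
 ldap-login-password <bind-account-password>
 ldap-over-ssl enable
 server-port 636
!
! 2. Select the outbound web traffic that must authenticate first.
access-list WEB_AUTH extended permit tcp 10.1.1.0 255.255.255.0 any eq www
access-list WEB_AUTH extended permit tcp 10.1.1.0 255.255.255.0 any eq https
!
! 3. Authentication proxy: challenge matching flows on the inside
!    interface and validate the credentials against AD_LDAP.
aaa authentication match WEB_AUTH inside AD_LDAP
!
! 4. Check the LDAP bind and a user lookup from the ASA CLI
!    (constructed username):
! test aaa-server authentication AD_LDAP host 192.0.2.10 username jdoe password <password>
```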
04-02-2011 12:17 AM
Hi Chris,
Does some client software need to be installed on the Windows Server in order to fetch the login details from the server to the ASA?
Also, does this work as a SINGLE SIGN ON feature or will it prompt for username/password each time the browser is opened?
Please help me with this info.
Regards,
Austin
04-02-2011 06:49 AM
Hi Austin,
The Login DN has to be your domain admin account. You can install the Softerra LDAP Browser in order to fetch the LDAP string or DN of the Domain Admin Account.
Alternately try running the following command on the cmd of the DC.
Dsquery * -filter “<&
The above command will list all the attributes of the domain admin account. Please enter domain admin login name in the blank space of sAMAccountName.
Hope this helps.
Regards,
Anisha
P.S.: please mark this post as answered if you feel your query is resolved. Do rate helpful posts.