Solved: LDAP authenticate

billybong · ‎03-10-2021

Hi All, i'm hoping someone can point me in the right direction

I can’t get the LDAP groups to work it just allows all domain users to authenticate.

any help greatly appreciated

balaji.bandi · ‎03-10-2021

You looking for Remote access VPN user to connecting using your AD Group users.

here is simple guide start with :

https://www.petenetlive.com/KB/Article/0001152

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/91831-mappingsvctovpn.html

https://community.cisco.com/t5/security-documents/configure-anyconnect-with-ldap-authentication/ta-p/3142464

https://community.cisco.com/t5/security-documents/how-to-configure-ldap-authentication-for-vpn-clients-on-asa/ta-p/3127371

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

Rob Ingram · ‎03-10-2021

@billybong

If all users are authenticating when using LDAP groups, it sounds like you don't have the NOACCESS group policy defined, which does not permit logons. This group-policy would be applied when a user is not a member of a specified LDAP group.

Refer to the guide below.

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/91831-mappingsvctovpn.html#anc15

View solution in original post

balaji.bandi · ‎03-10-2021

what device is this and what code running? - based on the information we can suggest the right documents.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

billybong · ‎03-10-2021

Hey Balaji thanks for replying

ASA5525 Version 9.12(4)7

anyconnect version 4.0.00051

balaji.bandi · ‎03-10-2021

You looking for Remote access VPN user to connecting using your AD Group users.

here is simple guide start with :

https://www.petenetlive.com/KB/Article/0001152

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/91831-mappingsvctovpn.html

https://community.cisco.com/t5/security-documents/configure-anyconnect-with-ldap-authentication/ta-p/3142464

https://community.cisco.com/t5/security-documents/how-to-configure-ldap-authentication-for-vpn-clients-on-asa/ta-p/3127371

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

billybong · ‎03-10-2021

Thanks balaji, i'll take a look and let you know how i get on

Rob Ingram · ‎03-10-2021

@billybong

If all users are authenticating when using LDAP groups, it sounds like you don't have the NOACCESS group policy defined, which does not permit logons. This group-policy would be applied when a user is not a member of a specified LDAP group.

Refer to the guide below.

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/91831-mappingsvctovpn.html#anc15

MHM Cisco World · ‎03-10-2021

LDAP map is config correctly ? can we see the config ?

billybong · ‎03-11-2021

Thanks Guy's all fixed NOACCESS group policy needed redefining