Sample config when LDAP server is AD


Introduction: Sample configuration for when the LDAP server is Active Directory (AD).

aaa-server ldap (inside) host <ip-address>
 server-port 389
 ldap-base-dn <base-dn>
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *
 ldap-login-dn <admin-dn>
 server-type microsoft
 ldap-attribute-map ssh

ldap attribute-map ssh
 map-name memberOf IETF-Radius-Service-Type
 map-value memberOf "CN=Domain Admins,CN=Users,DC=aaateam,DC=com" 6

aaa authentication ssh console ldap LOCAL
aaa authorization exec authentication-server


Please note that <> denotes a custom value to be used.


In the above configuration any user belonging to the “Domain Admins” group on the LDAP server will have access to the console. Others will not be allowed to SSH.


The value 6 denotes admin. No value means remote access only.
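
An added example, not part of the original document or any Cisco tool: a small Python audit of a configuration like the one above. It assumes `show running-config`-style indentation and made-up placeholder values; it flags an LDAP host block without `ldap-over-ssl enable` (on port 389 the bind password and user credentials cross the network unencrypted), a referenced attribute map that is never defined, and a missing `aaa authorization exec authentication-server` line, and it lists the group DNs mapped to Service-Type 6.

```python
import re

# Constructed sample: the page's configuration with made-up placeholder values.
SAMPLE = """\
aaa-server ldap (inside) host 192.0.2.10
 server-port 389
 ldap-base-dn DC=aaateam,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *
 ldap-login-dn CN=asa-bind,CN=Users,DC=aaateam,DC=com
 server-type microsoft
 ldap-attribute-map ssh
ldap attribute-map ssh
 map-name memberOf IETF-Radius-Service-Type
 map-value memberOf "CN=Domain Admins,CN=Users,DC=aaateam,DC=com" 6
aaa authentication ssh console ldap LOCAL
aaa authorization exec authentication-server
"""

def audit(config):
    """Return (findings, admin_groups) for an ASA LDAP management-access config."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():           # top-level command opens a block
            current = raw.strip()
            blocks[current] = []
        elif current:                       # indented line is a sub-command
            blocks[current].append(raw.strip())
    maps = {h.split()[-1]: sub for h, sub in blocks.items()
            if h.startswith("ldap attribute-map ")}
    findings, admins = [], []
    for head, sub in blocks.items():
        if not head.startswith("aaa-server ") or not any(s.startswith("ldap-") for s in sub):
            continue                        # only LDAP host blocks
        if "ldap-over-ssl enable" not in sub:
            findings.append("cleartext-ldap")   # simple bind is sent unencrypted
        for name in (s.split()[-1] for s in sub if s.startswith("ldap-attribute-map ")):
            if name not in maps:
                findings.append(f"undefined-map:{name}")
            for line in maps.get(name, []):
                m = re.match(r'map-value memberOf "(.+)" 6$', line)
                if m:                       # group DN that maps to Service-Type 6
                    admins.append(m.group(1))
    if not any(h.startswith("aaa authorization exec authentication-server") for h in blocks):
        findings.append("no-exec-authorization")  # Service-Type would not be applied
    return findings, admins
```

Run against the sample, `audit(SAMPLE)` reports only `cleartext-ldap` and one admin group; replacing `server-port 389` with `server-port 636` plus `ldap-over-ssl enable` clears the finding.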

Comments

Thanks for the doc,

I think it would be better if it is mentioned to which ACS versions the above is applied

Thanks again.

Amjad