cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
378
Views
0
Helpful
4
Replies
Highlighted
Beginner

Bookmark not logging in

I've configured an ASA5505 with clientless SSL VPN access. I see that the user is authenticated in my Active Directory, and the bookmark with the RDP connection is available. The bookmark URL contains

10.10.20.46/username=CSCO_WEBVPN_USERNAME&password=CSCO_WEBVPN_PASSWORD&CSCO_WEBVPN_MACRO1

When I click on the bookmark, I get to the server, but the user isn't logged in; the user name & password fields are blank & the message under the fields has Log on <domain name>. The Auto Sign-On server is enabled, and in the Smart Tunnel Auto Sign-on I checked the Use Windows domain name with username. The Terminal Server is W2k8 Data Center Edition - VMWare 4.0.

Cannot seem to figure this one out. Any suggestions are appreciated.

ASA Version: 8.4(4)1, ASDM Version: 6.4(9)

Also, the CSCO_WEBVPN_MACRO1 is configured to get the Department value from the Active Directory. I don't know if this is working or not. Is there a way to verify it?

Thanks for the help.

4 REPLIES 4
Highlighted

Hi Sam,

Please check this out:

https://supportforums.cisco.com/message/3749055#3749055

HTH.

Please rate any helpful posts

Highlighted

That helped tremendously. Thanks.

Also, I found that another admin had configured terminal services login to not recognize the parameters being passed. Once that was changed, along with the other hints from the mentioned article I made good progress.

I still have the issue of the CSCO_WEBVPN_MACRO1 parameter. The server is configured to automatically start a program looking for a value, but it isn't receiving it. Right now I just have &CSCO_WEBVPN_MACRO1 in the bookmark, do I need something like parameter=CSCO_WEBVPN_MACRO1? or is it the variable name from the program?

Thanks again.

Highlighted

Dear Sam,

I am glad to hear you found it helpful.

The CSCO_WEBVPN_MACRO1 is the parameter, but to be honest I do not think the specific "program" attribute would work.

What are you defining in the Macro?

HTH.

Please rate any helpful posts

Highlighted

So I don't do anything like '?parmx = CSCO_WEBVPN_MACRO1' in the bookmark?

I want to populate the field with an value from my AD, associated with the user login.

In Remote Access VPN -> AAA/Local Users -> LDAP Attribute Map I defined an entry (MyMacro) for Department = WebVPN-Macro-Substitution-Value1

In my bookmark -> Advanced Options I set the URL method to Post & added a Post Parameter associating MyMacro to the value for CSCO_WEBVPN_MAVRO1.

I think I can modify the MyMacro rntry in the LDAP Attribute Map to use a static value rather than a AD value for testing purposes, to see if it is infact being passed to the program. At minimum this should indicate if I'm not getting the value from the AD.