Change domain for Anyconnect LDAP authentication

jzullo1981
Level 1

Hello,

Currently we have AnyConnect set up on our 5510 ASA. It is set up using AAA and configured for an LDAP server, using sAMAccountName as the attribute users authenticate with to log in. Users have an @domain1 username and log in using the first part of their domain name, e.g. "userx", and then their password.

We are doing a company name change and, rather than destroy the entire network, we just added another alternate UPN suffix into Active Directory so that users could have an @domain2 username. We want to shut off the ability in AD for users to log into systems with their @domain1 username and force them to use the @domain2 username.

However, when we made that change in AD it broke the ability for AnyConnect to establish a connection: when a user put their password in it wouldn't work, until we switched back the ability in AD for users to use the old domain as a login.

Is there a way we can configure the ASA to look at the userPrincipalName and not the sAMAccountName, so that a user can log in how they do now, but also give us the ability to disable the capability to log into Windows using their old usernames without breaking the VPN connection?

Any help is greatly appreciated.