12-26-2011 09:06 AM - edited 02-21-2020 05:47 PM
Hello
I'm not clear about 2 things with SSL VPN and Active Directory.
1. Attribute Values & Names
I configured SSL clientless VPN. It is working fine with LOCAL authentication on ASA 8.4.
I created an LDAP (Active Directory) server. I tested and passed the connection with the AD server.
For the Attribute Name I use
memberOf (LDAP name) and Group-Policy (replaces IETF-Radius-Class) for the Cisco name.
But I'm not sure about the LDAP map. I don't know which value is correct for "Mapping of attribute value":
CN=XXXXXXX,,DC=XXXXX,DC=COM for the LDAP attribute
For the Cisco value I use the group policy name.
In the connection profile's authentication method I specify the AD server I created and tested.
2. Selecting LDAP authentication method
When accessing the SSL VPN portal I tried to authenticate with an Active Directory user (which is different from the LOCAL user) and I receive
"3 Dec 26 2011 12:21:08 113015 AAA user authentication Rejected : reason = Invalid password : local database : user = XXXXXX"
The authentication is still local even though I selected the LDAP server.
Thanks
12-26-2011 09:26 AM
Your problem sounds very similar to one addressed in the recent Ask The Expert thread. Please have a look at the first issue posted in that thread here. Hope this helps.
12-26-2011 11:35 AM
Thanks!
I tried it and it is working.
For problem No. 2, it was a line in the tunnel-group with the local server. This line does not appear in ASDM.
I will test with the VPN groups, but I think that it will work.