Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
692
Views
0
Helpful
2
Replies

group-lock and ldap authentication

esossamon
Level 1
Level 1

‎07-16-2009 11:04 AM

I have setup my users to authenticate via ldap for RA VPN on my ASA 5520. The users get logged in without any issues and get the correct information but I found the users are able to login under another group name. Originally I was using the tunnel-lock option when they were local users but now that appears to not be working anymore. I've setup the mapping to authenticate the users against AD with ldap, and retrieve the memberOf value and map this to the IETF-Class value. Is their something I'm missing?

Labels:
0 Helpful
2 Replies 2

Todd Pula
Level 7
Level 7

‎07-16-2009 02:12 PM

It sounds like you are on the right track. You can either configure the tunnel group lock under the respective group policy or utilize an LDAP attribute map to associate the lock. For example, you could look at the Department associated with the user and use the corresponding value to lock them to the corresponding tunnel group.

ldap attribute-map Tunnel-Lock

map-name department Tunnel-Group-Lock

0 Helpful

esossamon
Level 1
Level 1
In response to Todd Pula

‎08-03-2009 06:57 AM

I tried the option to configure the tunnel group lock under the respective group policy but it does not seem to work...any ideas?

0 Helpful
Customers Also Viewed These Support Documents
Top