sAMAccount issues

james.king14
Level 1

When a user logs into the VPN, the ASA is looking at the CAC common name instead of the LDAP sAMAccountName for authentication, causing errors within the login script. The user cannot log into the VPN because of the issue. This is a two-part problem: there is a certification chaining issue, but LDAP seems to be looking for the common name instead of looking for the LDAP name on AD.

Accepted Solutions

Philip D'Ath
VIP Alumni

In your LDAP server definition, try using something like:

aaa-server <server> (inside) host a.b.c.d
 ldap-naming-attribute sAMAccountName

Failing that you'll probably need to use an attribute map.

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/91831-mappingsvctovpn.html
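
A fuller version of the LDAP server definition from the answer above, together with the tunnel-group setting that decides which certificate field becomes the LDAP username. This is an added example, not configuration from the original post: the names AD-LDAP and VPN-CAC, the address 192.0.2.10, the DNs and the account jsmith are placeholders, and the tunnel-group lines assume certificate login with LDAP authorization.

```cisco
! Added example: every name, address and DN below is a placeholder.
!
! LDAP server definition, completing the two lines from the answer.
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (inside) host 192.0.2.10
 server-type microsoft
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-login-dn CN=asa-bind,OU=Service Accounts,DC=example,DC=com
 ldap-login-password <bind-password>
 ! Directory attribute the ASA matches the presented username against.
 ldap-naming-attribute sAMAccountName
!
! With certificate login, the username sent to LDAP is whatever field the
! tunnel group extracts from the certificate. Extracting CN while matching on
! sAMAccountName yields a search for (sAMAccountName=<certificate CN>), which
! finds nothing unless the two values are identical in AD.
tunnel-group VPN-CAC general-attributes
 authorization-server-group AD-LDAP
 username-from-certificate CN
!
! Check 1 (exec mode): look up a known account directly, without a certificate.
test aaa-server authorization AD-LDAP host 192.0.2.10 username jsmith
!
! Check 2 (exec mode): watch the search filter the ASA builds during a real
! login attempt, then turn debugging off again.
debug ldap 255
undebug all
```

If the filter shown by the debug output carries the certificate CN, the extracted certificate field and the naming attribute need to be brought into agreement, or an attribute map used as the answer suggests.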
