Thanks for your comment and pointing out the dsquery tool. Much appreciated. I'm sure that will help others in the same situation. As you point out, it depends on your directory structure and the location of affected objects.
Don, thanks for posting this. Excellent quick-and-dirty tutorial. As a note, I followed this and couldn't get authentication to work. When I queried LDAP for my device's DN I got a "cn,ou,dc,dc" pattern. Just thought I'd post this to help anyone else who tried "cn,cn,dc,dc" and got mixed results. In MS Windows you can use the "dsquery" tool from the server to find the LDAP DN/RDNs. e.g.
c:\>dsquery user -samid ASA01
"CN=ASA01,OU=Appliances,DC=domainname,DC=tld"
Thank you so much, quite informative. I have a question though: is it possible to configure a failover/backup LDAP server for the same profile, that is, in case that DC goes down, so the VPN users can still authenticate on the secondary DC? If possible, would you please share the data?
I did a search on "cisco vpn ldap authentication group membership" and found a forum post that describes how to do it. (YouTube doesn't allow posting links, so just try that search string.) I'll try to set up a test to confirm it next week and will post the results on the soundtraining[dot]net Facebook page.
At the moment I use this design - Base DN: OU = OUname, dc = example, dc = local. All the users of this OU can authenticate when connected via VPN. How can I narrow the scope to a global security group, so that only users of this security group can authenticate?
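The two questions above (a backup LDAP server for the same AAA group, and limiting VPN logins to one AD security group) are both answered by the same ASA configuration pattern, shown here as an added example; it is not configuration from the video or from any of the commenters. The server group name AD-LDAP, the IP addresses 10.0.0.10 and 10.0.0.11, the domain example.local, the OU and group DNs, the service account CN=ASA01, the policy names NOACCESS and GP-VPN-USERS, and the tunnel-group name RA-VPN are all assumptions; substitute your own. The attribute map sets the group policy from the user's memberOf values; anyone who is not in the mapped group lands in the default policy NOACCESS, whose simultaneous-logins limit of 0 refuses the session even though the LDAP bind succeeded.

```cisco
! Added example, not from the original video. Names, addresses and DNs are assumptions.
! One AAA server group, two hosts: the ASA tries them in order and moves to
! the next one when the first stops answering (depletion mode, 5 min deadtime).
aaa-server AD-LDAP protocol ldap
 reactivation-mode depletion deadtime 5
 max-failed-attempts 3
aaa-server AD-LDAP (inside) host 10.0.0.10
 ldap-base-dn OU=Staff,DC=example,DC=local
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=ASA01,OU=Appliances,DC=example,DC=local
 ldap-login-password <service-account-password>
 ldap-over-ssl enable
 server-port 636
 server-type microsoft
 ldap-attribute-map AD-GROUP-MAP
aaa-server AD-LDAP (inside) host 10.0.0.11
 ldap-base-dn OU=Staff,DC=example,DC=local
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=ASA01,OU=Appliances,DC=example,DC=local
 ldap-login-password <service-account-password>
 ldap-over-ssl enable
 server-port 636
 server-type microsoft
 ldap-attribute-map AD-GROUP-MAP
!
! Map the AD memberOf attribute onto the ASA Group-Policy attribute.
! Only the DN listed here is translated; any other group value is ignored,
! so a user outside VPN-Users gets no mapped policy.
! If the group DN contains spaces, enclose it in double quotes.
ldap attribute-map AD-GROUP-MAP
 map-name memberOf Group-Policy
 map-value memberOf CN=VPN-Users,OU=Groups,DC=example,DC=local GP-VPN-USERS
!
! Catch-all policy for authenticated users who are not in the mapped group:
! zero simultaneous logins means the connection is refused.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
!
! Policy assigned by the attribute map to members of VPN-Users.
group-policy GP-VPN-USERS internal
group-policy GP-VPN-USERS attributes
 vpn-simultaneous-logins 3
 vpn-tunnel-protocol ssl-client
!
! The tunnel group uses the LDAP server group for authentication and
! falls back to NOACCESS unless the attribute map assigned something else.
tunnel-group RA-VPN type remote-access
tunnel-group RA-VPN general-attributes
 authentication-server-group AD-LDAP
 default-group-policy NOACCESS
```

Before pointing users at it, verify each host separately from the ASA with `test aaa-server authentication AD-LDAP host 10.0.0.10 username <user> password <password>` (then again for 10.0.0.11), and run `debug ldap 255` during one test login to confirm that memberOf is returned and mapped to GP-VPN-USERS for a group member and that a non-member is dropped into NOACCESS. The `ldap-over-ssl enable` / `server-port 636` pair is there because plain LDAP on port 389 sends the service account's bind password and every user's password across the wire in cleartext; it assumes the domain controllers have a server certificate that the ASA trusts. Spaces inside an OU or CN value are legal in an LDAP DN and need no escaping (only a leading or trailing space, and characters such as `,` `+` `"` `\` `<` `>` `;`, must be escaped with a backslash).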
Thank you. After some searching, I finally found the article that helped me solve the issue
Clear and to the point. I was able to use this as a reference to set up my VPN authentication against AD LDAP.
Thank you again, your videos are awesome - this one worked perfect, first try! Ordering your latest ASA book today.
Getting a certificate validation failure on Cisco AnyConnect 3.x onwards on Mac OS X. Is there any solution?
What do you do when the "OU" has a space in the name?
Thank you