E-22
Cisco Security Appliance Command Line Configuration Guide
OL-12172-03
Appendix E Configuring an External Server for Authorization and Authentication
Configuring an External LDAP Server
Step 3
Configure the name of the LDAP attribute map as shown in the following example command:
hostname(config-aaa-server-host)# ldap-attribute-map ActiveDirectoryMapTable
hostname(config-aaa-server-host)#
Step 4
Specify a secure LDAP connection as follows:
hostname(config-aaa-server-host)# ldap-over-ssl enable
hostname(config-aaa-server-host)#
Step 5
Create an external group policy that associates the group-name with the RADIUS server. In this
example, the user is assigned to the group Engineering as shown in the following example command:
hostname(config-aaa-server-host)# group-policy Engineering external server-group radius-group password anypassword
hostname(config-aaa-server-host)#
Step 6
Create a tunnel group that specifies LDAP authentication as shown in the following example commands:
hostname(config)# tunnel-group ipsec-tunnelgroup type ipsec-ra
hostname(config)# tunnel-group ipsec-tunnelgroup general-attributes
hostname(config-tunnel-general)# authentication-server-group ldap-authenticate-grp
hostname(config-tunnel-general)#
Note
The configuration for radius-group is not shown in this example.
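To confirm that Step 4 was applied to every LDAP server a tunnel group depends on, the following added example (not part of the Cisco guide) audits running-config text for LDAP hosts that lack ldap-over-ssl enable and lists the tunnel groups that authenticate against them. It assumes the server group is declared with aaa-server ... protocol ldap and aaa-server ... host lines, which this page does not show; the sample config, addresses, interface name, and the function names parse_blocks and audit_ldap_ssl are constructed for illustration.

```python
import re

# Constructed sample shaped like "show running-config" output. Addresses, the
# (inside) interface and the legacy-ldap/old-tunnelgroup names are made up.
SAMPLE_CONFIG = """\
aaa-server ldap-authenticate-grp protocol ldap
aaa-server ldap-authenticate-grp (inside) host 10.1.1.4
 ldap-attribute-map ActiveDirectoryMapTable
 ldap-over-ssl enable
aaa-server legacy-ldap protocol ldap
aaa-server legacy-ldap (inside) host 10.1.1.9
 ldap-attribute-map ActiveDirectoryMapTable
tunnel-group ipsec-tunnelgroup general-attributes
 authentication-server-group ldap-authenticate-grp
tunnel-group old-tunnelgroup general-attributes
 authentication-server-group legacy-ldap
"""

def parse_blocks(config):
    """Group indented sub-commands under their unindented parent command."""
    blocks = []
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blanks and "!" separators
        if line[0].isspace() and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append((line.strip(), []))
    return blocks

def audit_ldap_ssl(config):
    """Return (LDAP hosts lacking ldap-over-ssl, tunnel groups that use them)."""
    blocks = parse_blocks(config)
    ldap_groups = {m.group(1) for head, _ in blocks
                   if (m := re.fullmatch(r"aaa-server (\S+) protocol ldap", head))}
    cleartext = []
    for head, subs in blocks:
        m = re.fullmatch(r"aaa-server (\S+)(?: \(\S+\))? host (\S+)", head)
        if m and m.group(1) in ldap_groups and "ldap-over-ssl enable" not in subs:
            cleartext.append((m.group(1), m.group(2)))
    weak = {group for group, _ in cleartext}
    exposed = []
    for head, subs in blocks:
        m = re.fullmatch(r"tunnel-group (\S+) general-attributes", head)
        for sub in subs if m else []:
            words = sub.split()
            if words[0] == "authentication-server-group" and weak & set(words[1:]):
                exposed.append((m.group(1), (weak & set(words[1:])).pop()))
    return cleartext, exposed

if __name__ == "__main__":
    print(audit_ldap_ssl(SAMPLE_CONFIG))
```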
Example 3: LDAP Authentication and LDAP Authorization with Microsoft Active Directory
This example presents the procedure for configuring both authentication and authorization using LDAP
and Microsoft Active Directory. In the Microsoft user record, the department attribute is interpreted as
the group-name for the user. The authorization attributes for this group-name are retrieved from the
Active Directory server.
The department attribute is configured under the Organization tab in the Active Directory Users and
Computers dialog box as shown in Figure E-5.