Example User File; Reviewing Examples Of Active Directory Configurations; Example 1: Configuring Ldap Authorization With Microsoft Active Directory (Asa/Pix) - Cisco PIX 500 Series Configuration Manual

Security appliance command line

Configuring an External LDAP Server
For each user authorizing to your LDAP server, define a user file. A user file defines all the security
appliance attributes and values associated with a particular user. Each user is an object of the class
User-Authorization. To define the user file, use any text editor. The file must have the extension .ldif.
(For an example user file, see Robin.ldif.)
To load the user file on the LDAP server, enter the following command on the directory where your
version of the ldap_user.ldif file resides:
ldifde -i -f ldap_user.ldif
For example:
ldifde -i -f Robin.ldif
After you have created and loaded both the schema and the user file, your LDAP server is ready to
process security appliance authorization requests.

Example User File

This section provides a sample user file for the user Robin.
Robin.ldif
dn: cn=Robin,OU=People,DC=ExampleCorporation,DC=com
changetype: add
cn: Robin
Access-Hours: Corporate_time
Simultaneous-Logins: 2
IPSec-Over-UDP: TRUE
IPSec-Over-UDP-Port: 12125
IPSec-Banner1: Welcome to the Example Corporation!!!
IPSec-Banner2: Unauthorized access is prohibited!!!!!
Primary-DNS: 10.10.4.5
Secondary-DNS: 10.11.12.7
Primary-WINS: 10.20.1.44
SEP-Card-Assignment: 1
IPSec-Tunnel-Type: 2
Tunneling-Protocols: 7
Confidence-Interval: 300
IPSec-Allow-Passwd-Store: TRUE
objectClass: User-Authorization
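
As an added example (not part of the Cisco guide), the following Python code parses a user file such as Robin.ldif and lists settings a reviewer may want to confirm before loading it with ldifde. The Tunneling-Protocols bit meanings and the review rules are assumptions not stated on this page, and `parse_ldif` and `audit` are hypothetical names.

```python
# Constructed sample: a subset of the Robin.ldif record shown on this page.
ROBIN_LDIF = """\
dn: cn=Robin,OU=People,DC=ExampleCorporation,DC=com
changetype: add
Simultaneous-Logins: 2
Tunneling-Protocols: 7
IPSec-Allow-Passwd-Store: TRUE
objectClass: User-Authorization
"""

# Assumption: bit values from Cisco's attribute table; they are not on this page.
TUNNEL_BITS = {1: "PPTP", 2: "L2TP", 4: "IPSec", 8: "L2TP/IPSec", 16: "WebVPN"}

def parse_ldif(text):
    """Parse plain 'attr: value' LDIF into {lowercased attribute: [values]} records."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]            # unfold an RFC 2849 continuation line
        elif not raw.startswith("#"):       # skip comment lines
            lines.append(raw.rstrip())
    records, current = [], {}
    for line in lines + [""]:               # the trailing "" flushes the last record
        if line:
            name, _, value = line.partition(":")
            current.setdefault(name.strip().lower(), []).append(value.strip())
        elif current:
            records.append(current)
            current = {}
    return records

def audit(record):
    """Return findings for one user record (hypothetical review rules)."""
    first = lambda key, default: record.get(key, [default])[0]
    findings = []
    if "User-Authorization" not in record.get("objectclass", []):
        findings.append("objectClass is not User-Authorization")
    bits = int(first("tunneling-protocols", "0"))
    enabled = [name for bit, name in TUNNEL_BITS.items() if bits & bit]
    if "PPTP" in enabled:
        findings.append("Tunneling-Protocols=%d enables PPTP (%s)" % (bits, "+".join(enabled)))
    if first("ipsec-allow-passwd-store", "FALSE").upper() in ("TRUE", "1"):
        findings.append("IPSec-Allow-Passwd-Store permits a saved client password")
    if int(first("simultaneous-logins", "1")) > 1:
        findings.append("Simultaneous-Logins allows more than one session")
    return findings

if __name__ == "__main__":
    print([(r["dn"][0], audit(r)) for r in parse_ldif(ROBIN_LDIF)])
```
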

Reviewing Examples of Active Directory Configurations

This section presents example procedures for configuring authentication and authorization on the
security appliance using the Microsoft Active Directory server. It includes the following topics:
Example 1: Configuring LDAP Authorization with Microsoft Active Directory (ASA/PIX)
Example 2: Configuring LDAP Authentication with Microsoft Active Directory
Example 3: LDAP Authentication and LDAP Authorization with Microsoft Active Directory

Example 1: Configuring LDAP Authorization with Microsoft Active Directory (ASA/PIX)

This example presents a configuration procedure for authentication using SDI and authorization using
LDAP and Microsoft Active Directory (AD). To execute this sample procedure, perform the following
steps:
Step 1  Using LDIF files, create the User-Authorization record on the Microsoft AD database. This record
contains the Cisco VPN authorization attributes for the user.

Cisco Security Appliance Command Line Configuration Guide, OL-12172-03
Appendix E: Configuring an External Server for Authorization and Authentication


This manual is also suitable for:

ASA 5500 series