Cisco PIX 500 Series Configuration Manual page 1071

Security appliance command line
Appendix E
Configuring an External Server for Authorization and Authentication
Figure E-4 The Username Properties Dialog Box

Note: The department attribute is configured under the Organization tab in the Active Directory Users and Computers window.

To configure this example, perform the following steps on the security appliance:

Step 1: Create a aaa-server record for the LDAP authentication server and use the ldap-base-dn to specify the search location for the Active Directory user records as shown in the following example commands:

hostname(config)# aaa-server ldap-authenticate-grp protocol ldap
hostname(config-aaa-server-group)# aaa-server ldap-authenticate-grp host 10.1.1.4
hostname(config-aaa-server-host)# ldap-base-dn cn=Users,dc=frdevtestad,dc=local
hostname(config-aaa-server-host)# ldap-scope subtree
hostname(config-aaa-server-host)# ldap-naming-attribute cn
hostname(config-aaa-server-host)# ldap-login-password anypassword
hostname(config-aaa-server-host)# ldap-login-dn cn=Administrator,cn=Users,dc=frdevtestad,dc=local
hostname(config-aaa-server-host)#

Step 2: Create an LDAP mapping table entry to map the AD attribute department to the Cisco attribute IETF-Radius-Class as shown in the following example commands:

hostname(config)# ldap attribute-map ActiveDirectoryMapTable
hostname(config-ldap-attribute-map)# map-name department IETF-Radius-Class
hostname(config-ldap-attribute-map)#
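
An added example (not from the Cisco guide): a Python audit that parses the commands from Steps 1 and 2, prompts and wrapped line included, and reports on the bind account, the transport and whether the attribute map is attached to a server. It assumes the host-mode commands ldap-over-ssl and ldap-attribute-map, which exist on the security appliance but are not shown on this page; the function names are hypothetical.

```python
import re
# Steps 1 and 2 as printed on this page, prompts and the wrapped DN included.
PAGE_CONFIG = """\
hostname(config)# aaa-server ldap-authenticate-grp protocol ldap
hostname(config-aaa-server-group)# aaa-server ldap-authenticate-grp host 10.1.1.4
hostname(config-aaa-server-host)# ldap-base-dn cn=Users,dc=frdevtestad,dc=local
hostname(config-aaa-server-host)# ldap-scope subtree
hostname(config-aaa-server-host)# ldap-naming-attribute cn
hostname(config-aaa-server-host)# ldap-login-password anypassword
hostname(config-aaa-server-host)# ldap-login-dn cn=Administrator,cn=Users,
dc=frdevtestad,dc=local
hostname(config)# ldap attribute-map ActiveDirectoryMapTable
hostname(config-ldap-attribute-map)# map-name department IETF-Radius-Class
"""
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")

def commands(text):
    """Strip CLI prompts, skip empty prompts, rejoin a DN wrapped after a comma."""
    out = []
    for raw in text.splitlines():
        line, had_prompt = PROMPT.subn("", raw.strip())
        if line and not had_prompt and out and out[-1].endswith(","):
            out[-1] += line
        elif line:
            out.append(line)
    return out

def audit(text):
    """Return findings for LDAP aaa-server hosts and LDAP attribute maps."""
    proto, hosts, maps, cur = {}, {}, set(), None
    for w in (c.split() for c in commands(text)):
        if w[0] in ("aaa-server", "ldap"):  # a global command leaves host mode
            cur = None
        if w[0] == "aaa-server" and len(w) >= 4 and w[2] == "protocol":
            proto[w[1]] = w[3]
        elif w[0] == "aaa-server" and "host" in w[2:-1] and proto.get(w[1]) == "ldap":
            cur = hosts.setdefault((w[1], w[w.index("host", 2) + 1]), {})
        elif w[:2] == ["ldap", "attribute-map"] and len(w) == 3:
            maps.add(w[2])
        elif cur is not None and w[0].startswith("ldap-"):
            cur[w[0]] = " ".join(w[1:])  # host-mode option, e.g. ldap-login-dn
    findings = []
    for (group, ip), opts in hosts.items():
        if opts.get("ldap-over-ssl") != "enable":  # assumed command, not on this page
            findings.append(f"{group}/{ip}: LDAP session is not wrapped in SSL")
        if opts.get("ldap-login-dn", "").lower().startswith("cn=administrator,"):
            findings.append(f"{group}/{ip}: binds as Administrator, not a read-only account")
    used = {o.get("ldap-attribute-map") for o in hosts.values()}  # assumed command
    return findings + [f"map {m} defined but attached to no server" for m in sorted(maps - used)]
```

Calling audit(PAGE_CONFIG) returns three findings for the configuration as it stands after Step 2; the same function accepts a running configuration pasted without prompts.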

Source: Cisco Security Appliance Command Line Configuration Guide (OL-12172-03), Appendix E, Configuring an External LDAP Server, page E-21


This manual is also suitable for: ASA 5500 series
