Configuring Microsoft Active Directory Settings For Password Management - Cisco PIX 500 Series Configuration Manual

Security appliance command line

Chapter 30
Configuring Connection Profiles, Group Policies, and Users
hostname# tunnel-group sales webvpn-attributes
hostname(config-tunnel-webvpn)# customization salesgui
Step 5
Set the group URL to the address that the user enters into the browser to log in to the security appliance;
for example, if the security appliance has the IP address 192.168.3.3, set the group URL to
https://192.168.3.3:
hostname(config-tunnel-webvpn)# group-url https://192.168.3.3
hostname(config-tunnel-webvpn)#
If a port number is required for a successful login, include the port number, preceded by a colon. The
security appliance maps this URL to the sales connection profile and applies the salesgui customization
profile to the login screen that the user sees upon logging in to https://192.168.3.3.

Configuring Microsoft Active Directory Settings for Password Management

Note: If you are using an LDAP directory server for authentication, password management is supported with the Sun Microsystems JAVA System Directory Server (formerly named the Sun ONE Directory Server) and the Microsoft Active Directory.

- Sun—The DN configured on the security appliance to access a Sun directory server must be able to access the default password policy on that server. We recommend using the directory administrator, or a user with directory administrator privileges, as the DN. Alternatively, you can place an ACI on the default password policy.
- Microsoft—You must configure LDAP over SSL to enable password management with Microsoft Active Directory.

See the "Setting the LDAP Server Type" section on page 13-13 for more information.

To use password management with Microsoft Active Directory, you must set certain Active Directory parameters as well as configuring password management on the security appliance. This section describes the Active Directory settings associated with various password management actions. These descriptions assume that you have also enabled password management on the security appliance and configured the corresponding password management attributes. The specific steps in the following sections refer to Active Directory terminology under Windows 2000.

- Using Active Directory to Force the User to Change Password at Next Logon, page 30-28
- Using Active Directory to Specify Maximum Password Age, page 30-29
- Using Active Directory to Override an Account Disabled AAA Indicator, page 30-30
- Using Active Directory to Enforce Password Complexity, page 30-32

The following sections assume that you are using an LDAP directory server for authentication.

Cisco Security Appliance Command Line Configuration Guide
OL-12172-03
Configuring Connection Profiles
30-27
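The Microsoft note above makes LDAP over SSL a prerequisite for password management. The following added example (not part of the Cisco guide) checks saved configuration text for tunnel groups that enable password-management while their LDAP server host lacks ldap-over-ssl enable. The server group names, addresses and sample configuration are constructed, and the parsing assumes one-space indentation of sub-commands as in running-config output.

```python
import re

# Constructed sample running-config; group names and addresses are illustrative.
SAMPLE_CONFIG = """\
aaa-server LDAP-SSL protocol ldap
aaa-server LDAP-SSL (inside) host 10.1.1.10
 ldap-over-ssl enable
 server-type microsoft
aaa-server LDAP-PLAIN protocol ldap
aaa-server LDAP-PLAIN (inside) host 10.1.1.11
 server-type microsoft
tunnel-group sales general-attributes
 authentication-server-group LDAP-SSL
 password-management password-expire-in-days 14
tunnel-group eng general-attributes
 authentication-server-group LDAP-PLAIN
 password-management
tunnel-group guest general-attributes
 authentication-server-group LDAP-PLAIN
"""

def blocks(config):
    """Pair each top-level command with its indented sub-commands."""
    out = []
    for line in filter(str.strip, config.splitlines()):
        if line[0].isspace() and out:
            out[-1][1].append(line.strip())
        else:
            out.append((line.strip(), []))
    return out

def audit(config):
    """List (tunnel-group, server group, host) with password management on but no LDAP over SSL."""
    parsed, ldap_groups, plain_hosts, findings = blocks(config), set(), {}, []
    for head, subs in parsed:
        if m := re.fullmatch(r"aaa-server (\S+) protocol ldap", head):
            ldap_groups.add(m[1])
        elif (m := re.match(r"aaa-server (\S+) \(\S+\) host (\S+)", head)) and "ldap-over-ssl enable" not in subs:
            plain_hosts.setdefault(m[1], []).append(m[2])
    for head, subs in parsed:
        m = re.fullmatch(r"tunnel-group (\S+) general-attributes", head)
        if m and any(s.split()[0] == "password-management" for s in subs):
            for s in subs:
                g = re.match(r"authentication-server-group (?:\(\S+\) )?(\S+)", s)
                if g and g[1] in ldap_groups:
                    findings += [(m[1], g[1], h) for h in plain_hosts.get(g[1], [])]
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))  # [('eng', 'LDAP-PLAIN', '10.1.1.11')]
```

The guest tunnel group is not reported because it does not enable password management, so the LDAP-over-SSL prerequisite does not apply to it.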


This manual is also suitable for: ASA 5500 series
