Configuring An Ldap Server; Authentication With Ldap - Cisco PIX 500 Series Configuration Manual


hostname(config-aaa-server-host)# exit
hostname(config)# aaa-server AuthInbound (inside) host 10.1.1.2
hostname(config-aaa-server-host)# key TACPlusUauthKey2
hostname(config-aaa-server-host)# exit
hostname(config)# aaa-server AuthOutbound protocol radius
hostname(config-aaa-server-group)# exit
hostname(config)# aaa-server AuthOutbound (inside) host 10.1.1.3
hostname(config-aaa-server-host)# key RadUauthKey
hostname(config-aaa-server-host)# exit
hostname(config)# aaa-server NTAuth protocol nt
hostname(config-aaa-server-group)# exit
hostname(config)# aaa-server NTAuth (inside) host 10.1.1.4
hostname(config-aaa-server-host)# nt-auth-domain-controller primary1
hostname(config-aaa-server-host)# exit
Example 13-2 shows commands that configure a Kerberos AAA server group named watchdogs, add an
AAA server to the group, and define the Kerberos realm for the server. Because Example 13-2 does not
define a retry interval or the port that the Kerberos server listens on, the security appliance uses the
default values for these two server-specific parameters. Table 13-2 lists the default values for all AAA
server host mode commands.

Note Kerberos realm names use numbers and upper-case letters only. Although the security appliance accepts
lower-case letters for a realm name, it does not translate lower-case letters to upper-case letters. Be sure
to use upper-case letters only.

Example 13-2 Kerberos Server Group and Server
hostname(config)# aaa-server watchdogs protocol kerberos
hostname(config-aaa-server-group)# aaa-server watchdogs host 192.168.3.4
hostname(config-aaa-server-host)# kerberos-realm EXAMPLE.COM
hostname(config-aaa-server-host)# exit
hostname(config)#

Configuring an LDAP Server

This section describes using an LDAP directory with the security appliance for user authentication and
VPN authorization. This section includes the following topics:
Authentication with LDAP, page 13-12
Authorization with LDAP for VPN, page 13-14
LDAP Attribute Mapping, page 13-14
For example configuration procedures used to set up LDAP authentication or authorization, see
Appendix E, "Configuring an External Server for Authorization and Authentication".

Authentication with LDAP

During authentication, the security appliance acts as a client proxy to the LDAP server for the user, and
authenticates to the LDAP server either in plain text or using the Simple Authentication and Security
Layer (SASL) protocol. By default, the security appliance passes authentication parameters, usually a
username and password, to the LDAP server in plain text, so with the default settings user credentials
cross the network between the appliance and the directory in the clear. Whether using SASL or plain text,
you can secure the communications between the security appliance and the LDAP server with SSL using the
ldap-over-ssl command.

Cisco Security Appliance Command Line Configuration Guide, OL-12172-03
Chapter 13 Configuring AAA Servers and the Local Database, page 13-12
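The following is an added example, not from the Cisco guide, that puts the default (plain-text) LDAP server definition described above beside a hardened form of the same server. The group name LDAPAuth, the interface, the address 10.1.1.5, the base DN, bind DN, bind password and test account are all assumed. Only ldap-over-ssl appears on this page; the other host mode commands used here (ldap-base-dn, ldap-scope, ldap-naming-attribute, ldap-login-dn, ldap-login-password, server-port, sasl-mechanism) and the privileged test aaa-server command are ASA/PIX 7.x CLI commands documented elsewhere in the guide. Lines beginning with "!" are editorial annotations, not commands.

```cisco
! Added example, not from the Cisco guide. Names, addresses, DNs and passwords are assumed.
!
! 1) Weak: the default. ldap-over-ssl is off and no SASL mechanism is set, so the bind DN
!    password and each user's password travel to the directory in clear text on TCP/389.
hostname(config)# aaa-server LDAPAuth protocol ldap
hostname(config-aaa-server-group)# exit
hostname(config)# aaa-server LDAPAuth (inside) host 10.1.1.5
hostname(config-aaa-server-host)# ldap-base-dn dc=example,dc=com
hostname(config-aaa-server-host)# ldap-scope subtree
hostname(config-aaa-server-host)# ldap-naming-attribute sAMAccountName
hostname(config-aaa-server-host)# ldap-login-dn cn=asa-bind,ou=services,dc=example,dc=com
hostname(config-aaa-server-host)# ldap-login-password BindPassw0rd
hostname(config-aaa-server-host)# exit
!
! 2) Hardened: the same server, but the LDAP session is wrapped in SSL on TCP/636 and the
!    appliance authenticates to the directory with SASL instead of a plain-text simple bind.
!    Re-entering the host command returns to the existing host mode for that server.
hostname(config)# aaa-server LDAPAuth (inside) host 10.1.1.5
hostname(config-aaa-server-host)# server-port 636
hostname(config-aaa-server-host)# ldap-over-ssl enable
hostname(config-aaa-server-host)# sasl-mechanism digest-md5
hostname(config-aaa-server-host)# exit
!
! 3) Check: authenticate a test account through the group before pointing any access rule
!    or tunnel group at it. A failure here usually means a wrong base DN, naming attribute,
!    bind credentials, or a certificate/port mismatch on the SSL side.
hostname# test aaa-server authentication LDAPAuth host 10.1.1.5 username jdoe password Test1234
```

When changing an existing server from plain text to ldap-over-ssl, set server-port 636 in the same step; the appliance does not move the port automatically, and the directory will not speak SSL on 389.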
This manual is also suitable for: ASA 5500 series