Cisco ASA 5505 Configuration Manual page 662

Cisco ASA 5500 Series Configuration Guide using ASDM (OL-20339-01)
Chapter 31: Configuring AAA Servers and the Local Database
Configuring AAA Server Groups (page 31-16)

Field: Login DN
Description: The adaptive security appliance uses the Login Distinguished Name (DN) and Login Password to establish trust (bind) with an LDAP server. The Login DN represents a user record in the LDAP server that the administrator uses for binding.

When binding, the adaptive security appliance authenticates to the server using the Login DN and the Login password. When performing a Microsoft Active Directory read-only operation (such as authentication, authorization, or group-search), the adaptive security appliance can bind with a Login DN with fewer privileges. For example, the Login DN can be a user whose AD "Member Of" designation is part of Domain Users. For VPN password management operations, the Login DN needs elevated privileges and must be part of the Account Operators AD group.

The following is an example of a Login DN:

cn=Binduser1,ou=Admins,ou=Users,dc=company_A,dc=com

The adaptive security appliance supports:

- Simple LDAP authentication with an unencrypted password on port 389
- Secure LDAP (LDAP-S) on port 636
- Simple Authentication and Security Layer (SASL) MD5
- SASL Kerberos

The adaptive security appliance does not support anonymous authentication.

Field: Login Password
Description: The password for the Login DN user account. The characters you type are replaced with asterisks.

Field: LDAP Attribute Map
Description: The LDAP attribute maps that you can apply to the LDAP server. Used to map Cisco attribute names to user-defined attribute names and values. See the "Configuring LDAP Attribute Maps" section on page 31-22.

Field: SASL MD5 authentication check box
Description: When checked, the MD5 mechanism of the SASL authenticates communications between the adaptive security appliance and the LDAP server.

Field: SASL Kerberos authentication
Description: When checked, the Kerberos mechanism of the SASL secures authentication communications between the adaptive security appliance and the LDAP server.

Field: Kerberos Server Group
Description: The Kerberos server or server group used for authentication. The Kerberos Server group option is disabled by default and is enabled only when SASL Kerberos authentication is chosen.
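
The bind methods listed for the Login DN can be checked on a deployed appliance by reading its saved configuration. The following Python code is an added example, not part of the Cisco manual: it classifies each LDAP server entry by bind method and flags those that fall back to a simple bind without LDAP-S, where the Login Password travels unencrypted. It assumes the ASA CLI keywords "ldap-over-ssl enable" and "sasl-mechanism" (the CLI counterparts of the ASDM fields, not shown on this page); the config excerpt is constructed and the function name audit_ldap_binds is hypothetical.

```python
import re

# Constructed ASA running-config excerpt (CLI form of the ASDM fields; not from the manual).
SAMPLE_CONFIG = """\
aaa-server LDAP_PLAIN protocol ldap
aaa-server LDAP_PLAIN (inside) host 192.0.2.10
 ldap-login-dn cn=Binduser1,ou=Admins,ou=Users,dc=company_A,dc=com
aaa-server LDAP_TLS protocol ldap
aaa-server LDAP_TLS (inside) host 192.0.2.11
 server-port 636
 ldap-over-ssl enable
aaa-server LDAP_KRB protocol ldap
aaa-server LDAP_KRB (inside) host 192.0.2.12
 sasl-mechanism kerberos KRB_GROUP
aaa-server RAD protocol radius
aaa-server RAD (inside) host 192.0.2.20
"""

LINE_RE = re.compile(r"^aaa-server (\S+) (?:protocol (\S+)|\(\S+\) host (\S+))")

def audit_ldap_binds(config):
    """Classify each LDAP host's bind method and flag unencrypted simple binds."""
    protocols, hosts, opts = {}, [], None
    for line in config.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(2):                      # "aaa-server NAME protocol ldap"
            protocols[m.group(1)], opts = m.group(2), None
        elif m:                                   # "aaa-server NAME (if) host ADDR"
            opts = []
            hosts.append((m.group(1), m.group(3), opts))
        elif line.startswith(" ") and opts is not None:
            opts.append(line.strip())             # command inside the host block
        else:
            opts = None
    results = []
    for group, host, opts in hosts:
        if protocols.get(group) != "ldap":        # skip RADIUS, TACACS+ and others
            continue
        bind = ("sasl-kerberos" if any(o.startswith("sasl-mechanism kerberos") for o in opts)
                else "sasl-md5" if "sasl-mechanism digest-md5" in opts else "simple")
        tls = "ldap-over-ssl enable" in opts
        # Simple bind without LDAP-S sends the Login Password unencrypted (port 389).
        results.append({"group": group, "host": host, "bind": bind, "ldaps": tls,
                        "cleartext_password": bind == "simple" and not tls})
    return results

if __name__ == "__main__":
    for finding in audit_ldap_binds(SAMPLE_CONFIG):
        print(finding)
```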