Configuring Microsoft Active Directory Settings For Password Management - Cisco FirePOWER ASA 5500 series Configuration Manual


Configuring Tunnel Groups

hostname(config-tunnel-webvpn)# customization salesgui

Step 5  Set the group URL to the address that the user enters into the browser to log in to the security appliance; for example, if the security appliance has the IP address 192.168.3.3, set the group URL to https://192.168.3.3:

hostname(config-tunnel-webvpn)# group-url https://192.168.3.3
hostname(config-tunnel-webvpn)#

If a port number is required for a successful login, include the port number, preceded by a colon. The security appliance maps this URL to the sales tunnel group and applies the salesgui customization profile to the login screen that the user sees upon logging in to https://192.168.3.3.

Configuring Microsoft Active Directory Settings for Password Management

Note  If you are using an LDAP directory server for authentication, password management is supported with the Sun Microsystems JAVA System Directory Server (formerly named the Sun ONE Directory Server) and the Microsoft Active Directory.

• Sun—The DN configured on the security appliance to access a Sun directory server must be able to access the default password policy on that server. We recommend using the directory administrator, or a user with directory administrator privileges, as the DN. Alternatively, you can place an ACI on the default password policy.
• Microsoft—You must configure LDAP over SSL to enable password management with Microsoft Active Directory.

See the "Setting the LDAP Server Type" section on page 13-7 for more information.

To use password management with Microsoft Active Directory, you must set certain Active Directory parameters as well as configure password management on the security appliance. This section describes the Active Directory settings associated with various password management actions. These descriptions assume that you have also enabled password management on the security appliance and configured the corresponding password management attributes. The specific steps in the following sections refer to Active Directory terminology under Windows 2000.

• Using Active Directory to Force the User to Change Password at Next Logon
• Using Active Directory to Specify Maximum Password Age
• Using Active Directory to Override an Account Disabled AAA Indicator
• Using Active Directory to Enforce Password Complexity

The following sections assume that you are using an LDAP directory server for authentication.

Using Active Directory to Force the User to Change Password at Next Logon

To force a user to change the user password at the next logon, specify the password-management command in tunnel-group general-attributes configuration mode on the security appliance and do the following steps under Active Directory:

Chapter 30, Configuring Tunnel Groups, Group Policies, and Users. Cisco Security Appliance Command Line Configuration Guide, OL-10088-01, page 30-24.
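
The LDAP-over-SSL requirement for Microsoft Active Directory stated in the note above can be checked mechanically. The following Python audit is an added example, not part of the Cisco guide: it scans a running-config for tunnel groups that enable password-management while authenticating against an LDAP server group with a host that lacks ldap-over-ssl enable. The sample configuration, server group names, addresses and function names are constructed for illustration, and the config layout is assumed to follow typical security appliance running-config output.

```python
import re

# Constructed sample running-config; group names and addresses are made up.
SAMPLE_CONFIG = """\
aaa-server AD_SSL protocol ldap
aaa-server AD_SSL (inside) host 10.0.0.10
 ldap-over-ssl enable
aaa-server AD_PLAIN protocol ldap
aaa-server AD_PLAIN (inside) host 10.0.0.11
tunnel-group sales general-attributes
 authentication-server-group AD_SSL
 password-management
tunnel-group eng general-attributes
 authentication-server-group AD_PLAIN
 password-management password-expire-in-days 14
tunnel-group guest general-attributes
 authentication-server-group AD_PLAIN
"""

def blocks(config):
    """Group each top-level command with its indented subcommands."""
    out = []
    for line in filter(str.strip, config.splitlines()):
        if line[0] == " " and out:
            out[-1][1].append(line.strip())
        elif line[0] not in " !":
            out.append((line.strip(), []))
    return out

def audit_password_management(config):
    """Return (tunnel_group, server_group, host) where password-management runs over non-SSL LDAP."""
    ldap_groups, plain_hosts, findings = set(), {}, []
    parsed = blocks(config)
    for header, subs in parsed:
        if m := re.fullmatch(r"aaa-server (\S+) protocol ldap", header):
            ldap_groups.add(m.group(1))
        elif m := re.fullmatch(r"aaa-server (\S+) (?:\(\S+\) )?host (\S+)", header):
            if "ldap-over-ssl enable" not in subs:
                plain_hosts.setdefault(m.group(1), []).append(m.group(2))
    for header, subs in parsed:
        m = re.fullmatch(r"tunnel-group (\S+) general-attributes", header)
        if not m or not any(s.split()[0] == "password-management" for s in subs):
            continue
        for s in subs:
            words = s.split()
            if words[0] == "authentication-server-group":
                findings += [(m.group(1), g, h) for g in words[1:] if g in ldap_groups
                             for h in plain_hosts.get(g, [])]
    return findings
```

An empty result means every tunnel group that uses password management reaches its LDAP hosts over SSL; the guest group is not reported because it does not enable password-management.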
