Cisco FirePOWER ASA 5500 series Configuration Manual page 931

Security appliance command line

Appendix E
Configuring an External Server for Authorization and Authentication
Review specific user attributes and values by right-clicking the username and clicking Properties. The Username Properties dialog box appears as shown in Figure E-4.

Note: The department attribute is configured under the Organization tab in the Active Directory Users and Computers window.

To configure this example, perform the following steps on the security appliance:

Step 1  Create an aaa-server record for the LDAP authentication server and use the ldap-base-dn command to specify the search location for the Active Directory user records, as shown in the following example commands:
hostname(config)# aaa-server ldap-authenticate-grp protocol ldap
hostname(config-aaa-server-group)# aaa-server ldap-authenticate-grp host 10.1.1.4
hostname(config-aaa-server-host)# ldap-base-dn cn=Users,dc=frdevtestad,dc=local
hostname(config-aaa-server-host)# ldap-scope subtree
hostname(config-aaa-server-host)# ldap-naming-attribute cn
hostname(config-aaa-server-host)# ldap-login-password anypassword
hostname(config-aaa-server-host)# ldap-login-dn cn=Administrator,cn=Users,dc=frdevtestad,dc=local
hostname(config-aaa-server-host)#

Step 2  Create an LDAP mapping table entry to map the AD attribute department to the Cisco attribute cVPN3000-IETF-Radius-Class, as shown in the following example commands:
hostname(config)# ldap attribute-map ActiveDirectoryMapTable
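
An added example, not part of the Cisco guide: a Python check that parses aaa-server LDAP host blocks like the one in Step 1 and reports a bind that is not protected by ldap-over-ssl enable, a bind DN that is the domain Administrator, and a bind password stored unmasked. The saved-configuration layout of the samples, the svc-asa-ldap account name and the finding labels are assumptions made for this example.

```python
import re
# Constructed sample: the Step 1 commands in saved-configuration layout.
STEP1_CONFIG = """\
aaa-server ldap-authenticate-grp protocol ldap
aaa-server ldap-authenticate-grp host 10.1.1.4
 ldap-base-dn cn=Users,dc=frdevtestad,dc=local
 ldap-scope subtree
 ldap-naming-attribute cn
 ldap-login-password anypassword
 ldap-login-dn cn=Administrator,cn=Users,dc=frdevtestad,dc=local
"""
# Constructed counterpart; svc-asa-ldap is a hypothetical bind account.
HARDENED_CONFIG = """\
aaa-server ldap-authenticate-grp protocol ldap
aaa-server ldap-authenticate-grp (inside) host 10.1.1.4
 ldap-over-ssl enable
 ldap-login-password *****
 ldap-login-dn cn=svc-asa-ldap,cn=Users,dc=frdevtestad,dc=local
"""
PROTO_RE = re.compile(r"^aaa-server\s+(\S+)\s+protocol\s+(\S+)")
HOST_RE = re.compile(r"^aaa-server\s+(\S+)\s+(?:\(\S+\)\s+)?host\s+(\S+)")

def parse_ldap_hosts(config):
    """Map (group, host) -> {subcommand: value} for LDAP server groups."""
    ldap_groups, hosts, current = set(), {}, None
    for raw in config.splitlines():
        if m := HOST_RE.match(raw):
            current = hosts.setdefault((m.group(1), m.group(2)), {})
        elif raw[:1].isspace() and current is not None:
            key, _, value = raw.strip().partition(" ")
            current[key] = value.strip()
        else:
            current = None  # any other top-level line ends the host block
            if (m := PROTO_RE.match(raw)) and m.group(2).lower() == "ldap":
                ldap_groups.add(m.group(1))
    return {k: v for k, v in hosts.items() if k[0] in ldap_groups}

def audit(config):
    """Return (group, host, finding) tuples for each LDAP server host."""
    findings = []
    for key, opts in sorted(parse_ldap_hosts(config).items()):
        if opts.get("ldap-over-ssl") != "enable":
            findings.append((*key, "bind-not-over-ssl"))
        if re.match(r"cn=administrator\s*,", opts.get("ldap-login-dn", ""), re.I):
            findings.append((*key, "administrator-bind-dn"))
        password = opts.get("ldap-login-password", "")
        if password and set(password) != {"*"}:
            findings.append((*key, "unmasked-bind-password"))
    return findings
```

The Administrator test is a name match on the leading cn only, so a renamed or otherwise privileged bind account still needs a manual review.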

[Figure E-4. The Username Properties Dialog Box]

Configuring an External LDAP Server
Cisco Security Appliance Command Line Configuration Guide, OL-10088-01, page E-21

This manual is also suitable for:

Pix 500 series, Cisco asa 5500 series