Cisco ASA 5500 Series Configuration Guide using ASDM (OL-20339-01), page 31-16
Chapter 31: Configuring AAA Servers and the Local Database
Configuring AAA Server Groups
Field Description

Login DN
The adaptive security appliance uses the Login Distinguished Name (DN) and Login Password to establish trust (bind) with an LDAP server. The Login DN represents a user record in the LDAP server that the administrator uses for binding.
When binding, the adaptive security appliance authenticates to the server using the Login DN and the Login Password. When performing a Microsoft Active Directory read-only operation (such as authentication, authorization, or group search), the adaptive security appliance can bind with a Login DN that has fewer privileges. For example, the Login DN can be a user whose AD “Member Of” designation is part of Domain Users. For VPN password management operations, the Login DN needs elevated privileges and must be part of the Account Operators AD group.
The following is an example of a Login DN:
cn=Binduser1,ou=Admins,ou=Users,dc=company_A,dc=com
The adaptive security appliance supports:
• Simple LDAP authentication with an unencrypted password on port 389
• Secure LDAP (LDAP-S) on port 636
• Simple Authentication and Security Layer (SASL) MD5
• SASL Kerberos
The adaptive security appliance does not support anonymous authentication.

Login Password
The password for the Login DN user account. The characters you type are replaced with asterisks.

LDAP Attribute Map
The LDAP attribute maps that you can apply to the LDAP server. Used to map Cisco attribute names to user-defined attribute names and values. See the “Configuring LDAP Attribute Maps” section on page 31-22.

SASL MD5 authentication check box
When checked, the MD5 mechanism of SASL authenticates communications between the adaptive security appliance and the LDAP server.

SASL Kerberos authentication check box
When checked, the Kerberos mechanism of SASL secures authentication communications between the adaptive security appliance and the LDAP server.

Kerberos Server Group
The Kerberos server or server group used for authentication. The Kerberos Server Group option is disabled by default and is enabled only when SASL Kerberos authentication is chosen.
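As an added example (not part of the guide), the following Python script audits ASA `aaa-server` host blocks for the two bind weaknesses this table describes: a missing Login DN (the adaptive security appliance does not support anonymous binds) and a simple bind with neither LDAP-S nor a SASL mechanism, which sends the Login Password unencrypted. It reads the CLI forms of the ASDM fields (`ldap-login-dn`, `server-port`, `ldap-over-ssl enable`, `sasl-mechanism`); the configuration text and host addresses are constructed sample input.

```python
import re

# Constructed ASA LDAP host definitions (sample input, not from the guide).
WEAK_CONFIG = """\
aaa-server AD-LDAP (inside) host 10.0.0.5
 server-port 389
 ldap-login-dn cn=Binduser1,ou=Admins,ou=Users,dc=company_A,dc=com
aaa-server AD-LDAP (inside) host 10.0.0.6
 server-port 389
"""
HARDENED_CONFIG = """\
aaa-server AD-LDAP (inside) host 10.0.0.5
 server-port 636
 ldap-over-ssl enable
 ldap-login-dn cn=Binduser1,ou=Admins,ou=Users,dc=company_A,dc=com
"""
HOST_RE = re.compile(r"aaa-server (\S+) \((\S+)\) host (\S+)")

def parse_ldap_hosts(config):
    """Collect the bind-related settings of each 'aaa-server ... host' block."""
    hosts, current = [], None
    for line in config.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = {"host": m.group(3), "port": 389, "ldaps": False,
                       "sasl": None, "login_dn": None}
            hosts.append(current)
        elif current and line[:1] == " " and line.strip():
            words = line.split()
            if words[0] == "server-port":
                current["port"] = int(words[1])
            elif words[:2] == ["ldap-over-ssl", "enable"]:
                current["ldaps"] = True
            elif words[0] == "sasl-mechanism":
                current["sasl"] = words[1]  # digest-md5 or kerberos
            elif words[0] == "ldap-login-dn":
                current["login_dn"] = " ".join(words[1:])
    return hosts

def audit(config):
    """Return {host: [findings]} for hosts whose bind settings need attention."""
    findings = {}
    for h in parse_ldap_hosts(config):
        notes = []
        if h["login_dn"] is None:
            notes.append("no Login DN: the ASA does not support anonymous binds")
        if not h["ldaps"] and h["sasl"] is None:
            notes.append(f"simple bind on port {h['port']}: password sent in clear; use LDAP-S or SASL")
        if notes:
            findings[h["host"]] = notes
    return findings
```

Running `audit(WEAK_CONFIG)` reports both hosts, while the LDAP-S host in `HARDENED_CONFIG` produces no findings.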