Windows AD Domain LDAP Authentication on ASA 8.42

1. Topology:

Reference: http://bbs.51cto.com/thread-728599-1-1.html

2. ASA configuration steps:

A. Add an aaa-server of the LDAP authentication type

aaa-server yuntian.com protocol ldap
 max-failed-attempts 2
aaa-server yuntian.com (inside) host 100.1.1.100
 ldap-base-dn cn=users,dc=yuntian,dc=com
 ldap-group-base-dn dc=yuntian,dc=com
 ldap-scope subtree
 ldap-login-password *****
 ldap-login-dn cn=xllldap,cn=users,dc=yuntian,dc=com
 server-type microsoft

B. Specify the host IPs that are allowed to telnet:

 telnet 100.1.1.0 255.255.255.0 inside

C. Run the AAA test:

ciscoasa# test aaa-server authentication yuntian.com username xllldap password 1234qwer, 

Server IP Address or name: 100.1.1.100
INFO: Attempting Authentication test to IP address <100.1.1.100> (timeout: 12 seconds)
INFO: Authentication Successful

D. Add an account in AD on the domain controller and test the login:

User Access Verification

Username: xll
Password: ********
Username: administrator
Password: *********
Type help or '?' for a list of available c
ciscoasa> en
Password:
ciscoasa#
