Where you could change userPrincipalName to maybe the computer CN and base-dn to the Computers container?

```
ldap-login-dn CN=,OU=ServiceAccounts,OU=Users,OU=Dept,DC=company,DC=org
ldap-base-dn OU=Users,OU=Dept,DC=company,DC=org
```

In other words, is there a Computer equivalent to the User AAA:

```
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (INSIDE) host AD-SERVER
```

Or is there a way to have the ASA 'proxy' do something similar to the Kerberos authentication that the computer would do with AD in order to validate access?

My first guess is that I may have to switch to RADIUS? If we had an Enterprise Certificate Authority set up for the Domain with auto-enrollment, we could check the computer certificates, but we do not, nor can we.

The primary authentication is for the user, with a secondary authentication setup for the computer with DAP. The AAA uses LDAP to talk to Active Directory. I have an ASA VPN setup, with Cisco Security Desktop, and a Dynamic Access Policy to check the host.

We want to be able to disable a computer in Active Directory and prevent that computer from accessing our VPN.