ASA8.42的Windows AD域LDAP認證

1.拓撲圖：

參考：http://bbs.51cto.com/thread-728599-1-1.html

2.ASA配置步驟：

A.添加LDAP認證類型的aaa-server

aaa-server yuntian.com protocol ldap

max-failed-attempts 2

aaa-server yuntian.com (inside) host 100.1.1.100

ldap-base-dn cn=users,dc=yuntian,dc=com

ldap-group-base-dn dc=yuntian,dc=com

ldap-scope subtree

ldap-login-password *****

ldap-login-dn cn=xllldap,cn=users,dc=yuntian,dc=com

server-type microsoft

B.設定允許telnet的主機IP：

telnet 100.1.1.0 255.255.255.0 inside

C.進行AAA測試：

ciscoasa# test aaa-server authentication yuntian.com username xllldap password 1234qwer,

Server IP Address or name: 100.1.1.100

INFO: Attempting Authentication test to IP address <100.1.1.100> (timeout: 12 seconds)

INFO: Authentication Successful

查看本欄目更多精彩內容：http://www.bianceng.cnhttp://www.bianceng.cn/Network/Firewall/

D.在域控的AD中添加帳號並測試登入：

User Access Verification

Username: xll

Password: ********

Username: administrator

Password: *********

Type help or '?' for a list of available c

ciscoasa> en

Password:

ciscoasa#

本文出自 “httpyuntianjxxll.spac..” 部落格，請務必保留此出處http://333234.blog.51cto.com/323234/931998