1. Topology diagram:
Reference: http://bbs.51cto.com/thread-728599-1-1.html
2. ASA configuration steps:
A. Add an aaa-server of the LDAP authentication type
aaa-server yuntian.com protocol ldap
max-failed-attempts 2
aaa-server yuntian.com (inside) host 100.1.1.100
ldap-base-dn cn=users,dc=yuntian,dc=com
ldap-group-base-dn dc=yuntian,dc=com
ldap-scope subtree
ldap-login-password *****
ldap-login-dn cn=xllldap,cn=users,dc=yuntian,dc=com
server-type microsoft
B. Set the host IPs that are allowed to telnet:
telnet 100.1.1.0 255.255.255.0 inside
C. Run the AAA test:
ciscoasa# test aaa-server authentication yuntian.com username xllldap password 1234qwer,
Server IP Address or name: 100.1.1.100
INFO: Attempting Authentication test to IP address <100.1.1.100> (timeout: 12 seconds)
INFO: Authentication Successful
D. Add an account in AD on the domain controller and test the login:
User Access Verification
Username: xll
Password: ********
Username: administrator
Password: *********
Type help or '?' for a list of available c
ciscoasa> en
Password:
ciscoasa#
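The same setup with encrypted transports, as an added example that is not part of the original article: as written, steps A and B carry the LDAP bind password and the Telnet login across the inside network in cleartext. The server-port, ldap-over-ssl, crypto key, ssh and aaa authentication lines are not on the page; they assume the domain controller at 100.1.1.100 accepts LDAPS on TCP/636 and that a LOCAL fallback account exists on the ASA.

```cisco
! Added example, not from the original article.
! LDAP server group, unchanged from step A
aaa-server yuntian.com protocol ldap
 max-failed-attempts 2
!
! Weak (step A as written): the bind as xllldap and every user
! lookup go to the domain controller unencrypted on TCP/389.
!
! Hardened: same host entry, LDAP wrapped in SSL/TLS.
! Assumption: the domain controller has a certificate and listens on 636.
aaa-server yuntian.com (inside) host 100.1.1.100
 server-port 636
 ldap-over-ssl enable
 ldap-base-dn cn=users,dc=yuntian,dc=com
 ldap-group-base-dn dc=yuntian,dc=com
 ldap-scope subtree
 ! ***** is the masked value from the page; enter the real bind password
 ldap-login-password *****
 ldap-login-dn cn=xllldap,cn=users,dc=yuntian,dc=com
 server-type microsoft
!
! Weak (step B as written): Telnet sends Username/Password in cleartext.
!   telnet 100.1.1.0 255.255.255.0 inside
!
! Hardened: remove Telnet access and allow SSH from the same subnet.
no telnet 100.1.1.0 255.255.255.0 inside
crypto key generate rsa modulus 2048
ssh 100.1.1.0 255.255.255.0 inside
!
! Send SSH logins to the LDAP server group. LOCAL is consulted only when
! the server group is unreachable, so keep one local admin account.
aaa authentication ssh console yuntian.com LOCAL
!
! After applying, repeat the step C test to confirm the bind still
! succeeds over LDAPS before closing the existing session.
```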
This article comes from the “httpyuntianjxxll.spac..” blog; please be sure to keep this source: http://333234.blog.51cto.com/323234/931998