Comments on: ASA LDAP Auth the nice and easy way. http://www.staticnat.com/WP/2007/08/10/asa-ldap-auth-the-nice-and-easy-way/ static (INSIDE,OUTSIDE) 127.0.01 127.0.0.1 netmask 255.255.255.255 Thu, 17 Nov 2011 23:44:31 -0500 hourly 1 http://wordpress.org/?v=3.3.1 By: StaticNAT » Blog Archive » Get Your ACS in Order! http://www.staticnat.com/WP/2007/08/10/asa-ldap-auth-the-nice-and-easy-way/comment-page-1/#comment-26497 StaticNAT » Blog Archive » Get Your ACS in Order! Sun, 12 Dec 2010 07:25:30 +0000 http://www.staticnat.com/WP/2007/08/10/asa-ldap-auth-the-nice-and-easy-way/#comment-26497 [...] ASA LDAP Auth the nice and easy way. This entry was posted on Tuesday, October 26th, 2010 at 10:43 pm and is filed under Cisco, Hardware, On the Job. You can follow any responses to this entry through the RSS 2.0 feed.You can leave a response, or trackback from your own site. blog comments powered by Disqus /* [...] [...] ASA LDAP Auth the nice and easy way. This entry was posted on Tuesday, October 26th, 2010 at 10:43 pm and is filed under Cisco, Hardware, On the Job. You can follow any responses to this entry through the RSS 2.0 feed.You can leave a response, or trackback from your own site. blog comments powered by Disqus /* [...]

]]> By: gmsmith http://www.staticnat.com/WP/2007/08/10/asa-ldap-auth-the-nice-and-easy-way/comment-page-1/#comment-18450 gmsmith Wed, 31 Dec 2008 01:57:33 +0000 http://www.staticnat.com/WP/2007/08/10/asa-ldap-auth-the-nice-and-easy-way/#comment-18450 So, as I mentioned in email, I got the 1 in 5 at Cisco TAC. In my last real job, we had a chart of companies and their tech support. Something like: Cisco - 1 in 5 actually knew something Sun - 1 in 10 actually knew something Salesforce - 1 in 100 actually knew something RedHat - Yeah, good luck Anyway, for the details....I have tested this on my home setup and it works great... Essentially if you follow the direction on the link above and then issue the following at a config t prompt: Group-policy noconnection internal group-policy noconnection attributes vpn-simultaneous-logins 0 exit tunnel-group <> general-attributes no default-group-policy <> default-group-policy noconnection *The lines above will switch the default group policy on the <> group to be noconnection which prevents access to the ASA for users that do not have a gidNumber equals to the gidNumber you set. So, as I mentioned in email, I got the 1 in 5 at Cisco TAC. In my last real job, we had a chart of companies and their tech support. Something like:

Cisco – 1 in 5 actually knew something
Sun – 1 in 10 actually knew something
Salesforce – 1 in 100 actually knew something
RedHat – Yeah, good luck

Anyway, for the details….I have tested this on my home setup and it works great…

Essentially if you follow the direction on the link above and then issue the following at a config t prompt:

Group-policy noconnection internal

group-policy noconnection attributes

vpn-simultaneous-logins 0

exit

tunnel-group <> general-attributes

no default-group-policy <>

default-group-policy noconnection

*The lines above will switch the default group policy on the <> group to be noconnection which prevents access to the ASA for users that do not have a gidNumber equals to the gidNumber you set.

]]> By: cratejockey http://www.staticnat.com/WP/2007/08/10/asa-ldap-auth-the-nice-and-easy-way/comment-page-1/#comment-18425 cratejockey Mon, 29 Dec 2008 18:31:19 +0000 http://www.staticnat.com/WP/2007/08/10/asa-ldap-auth-the-nice-and-easy-way/#comment-18425 Thanks Greg! He provided the following link as a follow up to our off-line conversation. http://209.85.135.104/translate_c?hl=en&sl=fr&tl=en&u=http://pm.itguys.fr/blog/tags/asa/&usg=ALkJrhj0dOIxqsafNO8RSkeKrUNxzasSeQ Plus he has an open TAC case and has offered to share his results. Thanks Greg! He provided the following link as a follow up to our off-line conversation.

http://209.85.135.104/translate_c?hl=en&sl=fr&tl=en&u=http://pm.itguys.fr/blog/tags/asa/&usg=ALkJrhj0dOIxqsafNO8RSkeKrUNxzasSeQ

Plus he has an open TAC case and has offered to share his results.

]]> By: gmsmith http://www.staticnat.com/WP/2007/08/10/asa-ldap-auth-the-nice-and-easy-way/comment-page-1/#comment-17627 gmsmith Sun, 07 Dec 2008 01:14:31 +0000 http://www.staticnat.com/WP/2007/08/10/asa-ldap-auth-the-nice-and-easy-way/#comment-17627 Quick question for you, I am trying to limit my LDAP authentication to a specific group in OS X OpenDirectory (10.5.5), but I can't seem to do it...did you have any luck with this? Quick question for you, I am trying to limit my LDAP authentication to a specific group in OS X OpenDirectory (10.5.5), but I can’t seem to do it…did you have any luck with this?

]]> By: jfh6200 http://www.staticnat.com/WP/2007/08/10/asa-ldap-auth-the-nice-and-easy-way/comment-page-1/#comment-5149 jfh6200 Fri, 23 Nov 2007 15:20:27 +0000 http://www.staticnat.com/WP/2007/08/10/asa-ldap-auth-the-nice-and-easy-way/#comment-5149 Josh, this is an excelletn post...You can find a sample config @ my website (http://6200networks.com/?p=25)...Keep up the great work man. -Joe Josh, this is an excelletn post…You can find a sample config @ my website (http://6200networks.com/?p=25)…Keep up the great work man.

-Joe

]]>