Cisco Clean Access 3.5

6-16
Cisco Clean Access Manager Installation and Administration Guide
OL-7044-01
Chapter 6      User Management: Auth Servers
Authenticating Against Active Directory
Several types of authentication providers in the Clean Access Manager can be used to authenticate users 
against an Active Directory server, Microsoft’s proprietary directory service. These include Windows 
NT (NTLM), Kerberos, and LDAP (preferred).
If using LDAP to connect to AD, the search DN (distinguished name) typically has to be set to the DN of an account with administrative privileges. The first CN (common name) entry should be an administrator of the AD, or a user with read privileges. Note that sAMAccountName, the attribute used as the search filter, holds the user login name in the default AD schema.
AD/LDAP Configuration Example
The following illustrates a sample configuration using LDAP to communicate with the backend Active 
Directory: 
1. Create a Domain Admin user within Active Directory Users and Computers. Place this user into the Users folder.
2. Within Active Directory Users and Computers, select Find from the Actions menu. Make sure that your results show the Group Membership column for the created user. Your search results should show the user and the associated Group Membership within Active Directory. This information is what you will need to transfer into the Clean Access Manager.
Figure 6-10 Find Group Membership within Active Directory
3. From the Clean Access Manager web console, go to the User Management > Auth Servers > New Server form.
4. Choose LDAP as the Server Type.
5. For the Search DN and Search Base Context fields, input the results from the Find within Active Directory Users and Computers.
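The following is an added example, not part of the Cisco guide and not Clean Access Manager code. It shows how the values entered in steps 1 to 5 relate to each other: the Search DN is the full DN of the bind account found in Active Directory Users and Computers, the Search Base Context is the domain (DC) portion of that DN, and the per-login search filter is built from the sAMAccountName attribute. The bind account DN (CN=nacadmin,CN=Users,DC=example,DC=local) is a constructed sample. The filter builder escapes the login name per RFC 4515, the check any component that turns a user-typed login into an LDAP filter should perform before sending it to the directory.

```python
# Added example (not from the Cisco guide): derive the LDAP settings the Clean
# Access Manager asks for from the DN reported by Active Directory's Find, and
# build an RFC 4515-safe sAMAccountName filter for a login name.
import re

# Constructed sample DN for the bind account, as AD Users and Computers would
# report it. Any real deployment has its own account name and domain.
SAMPLE_ADMIN_DN = "CN=nacadmin,CN=Users,DC=example,DC=local"

# Characters with special meaning inside an LDAP filter value (RFC 4515).
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a value for safe inclusion in an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def samaccountname_filter(login: str) -> str:
    """Return the (sAMAccountName=...) filter used to look up a login name."""
    return f"(sAMAccountName={escape_filter_value(login)})"


def split_dn(dn: str) -> list:
    """Split a DN into (attribute, value) pairs, leftmost RDN first."""
    # Split on commas that are not escaped with a backslash.
    parts = re.split(r"(?<!\\),", dn)
    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip(), value.strip()))
    return rdns


def derive_search_settings(admin_dn: str) -> dict:
    """Map the bind account's DN onto the Clean Access Manager fields.

    Search DN is the full DN of the account used to bind to AD (the guide's
    step 5). Search Base Context is the domain portion, i.e. the DC
    components, below which user entries are searched.
    """
    rdns = split_dn(admin_dn)
    if rdns[0][0].upper() != "CN":
        # The guide expects the first entry to be the CN of the bind account.
        raise ValueError("first RDN must be the CN of the bind account")
    base_context = ",".join(f"{a}={v}" for a, v in rdns if a.upper() == "DC")
    if not base_context:
        raise ValueError("DN contains no DC components; cannot derive base")
    return {
        "search_dn": admin_dn,
        "search_base_context": base_context,
        "search_filter": "sAMAccountName",
    }


if __name__ == "__main__":
    for key, val in derive_search_settings(SAMPLE_ADMIN_DN).items():
        print(f"{key}: {val}")
    print(samaccountname_filter("jdoe"))
```

The escaping step matters because the login name arrives from the user at the Clean Access login page; without it, characters such as `*` or `)` would change the meaning of the filter instead of being matched literally.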