Cisco Clean Access 3.5
Cisco Clean Access Manager Installation and Administration Guide
OL-7044-01
Chapter 6 User Management: Auth Servers
Authenticating Against Active Directory
Several types of authentication providers in the Clean Access Manager can be used to authenticate users against an Active Directory server, Microsoft's proprietary directory service. These include Windows NT (NTLM), Kerberos, and LDAP (preferred).
If using LDAP to connect to AD, the search DN (distinguished name) typically has to be set to the DN of an account with administrative privileges. The first CN (common name) entry should be an administrator of the AD, or a user with read privileges. Note that the attribute used in the search filter, sAMAccountName, holds the user's login name in the default AD schema.
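As an added illustration (not from the Cisco guide), the following Python builds the sAMAccountName equality filter with RFC 4515 escaping of the login name and checks a Search DN against the two points above: the first RDN is the bind account's CN and the account sits in the Users container. All DNs and login names are constructed samples.

```python
# RFC 4515 escapes for values placed inside an LDAP search filter.
_FILTER_ESCAPES = {
    "\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value so it cannot change the filter's structure."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_login_filter(login_name: str, attribute: str = "sAMAccountName") -> str:
    """Return the equality filter an LDAP auth server issues for a login name."""
    return f"({attribute}={escape_filter_value(login_name)})"


def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Split 'CN=cca_bind,CN=Users,DC=example,DC=com' into (type, value) RDNs.

    Assumes no escaped commas inside values; the constructed sample DNs have none.
    """
    rdns = []
    for part in dn.split(","):
        attr, _, val = part.strip().partition("=")
        if not attr or not val:
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.upper(), val))
    return rdns


def check_search_dn(search_dn: str) -> list[str]:
    """Sanity-check a Search DN against this section's guidance.

    Returns a list of findings; an empty list means the DN looks as expected.
    """
    problems = []
    rdns = parse_dn(search_dn)
    if rdns[0][0] != "CN":
        problems.append("first RDN should be the CN of the bind account")
    # The default Users folder in AD is the CN=Users container.
    if len(rdns) < 2 or rdns[1] != ("CN", "Users"):
        problems.append("bind account is not in the Users container")
    return problems


if __name__ == "__main__":
    # Constructed sample: a login name carrying filter metacharacters is neutralised.
    print(build_login_filter("jsmith)(objectClass=*"))
    print(check_search_dn("CN=cca_bind,CN=Users,DC=example,DC=com"))
```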
AD/LDAP Configuration Example
The following illustrates a sample configuration using LDAP to communicate with the backend Active Directory:
1. Create a Domain Admin user within Active Directory Users and Computers. Place this user into the Users folder.
2. Within Active Directory Users and Computers, select Find from the Actions menu. Make sure that your results show the Group Membership column for the created user. Your search results should show the user and the associated Group Membership within Active Directory. This information is what you will need to transfer into the Clean Access Manager.
Figure 6-10 Find Group Membership within Active Directory
3. From the Clean Access Manager web console, go to the User Management > Auth Servers > New Server form.
4. Choose LDAP as the Server Type.
5. For the Search DN and Search Base Context fields, input the results from the Find within Active Directory Users and Computers.