Cisco Firepower Management Center 4000
FireSIGHT System User Guide, page 48-12
Chapter 48 Managing Users
Managing Authentication Objects
• If you are connecting to a Microsoft Active Directory Server, select MS Active Directory, then click Set Defaults.
• If you are connecting to a Sun Java Systems Directory Server or Oracle Directory Server, select Oracle Directory, then click Set Defaults.
• If you are connecting to an OpenLDAP server, select OpenLDAP, then click Set Defaults.
• If you are connecting to a server other than those listed above and want to clear default settings, select Other, then click Set Defaults.
Step 7
Type the IP address or host name for the primary server where you want to obtain authentication data in the Primary Server Host Name/IP Address field.
Note
If you are using a certificate to connect via TLS or SSL, the host name in the certificate must match the host name used in this field. In addition, IPv6 addresses are not supported for encrypted connections.
Step 8
To fetch a list of all base DNs, click Fetch DNs and select the appropriate base DN from the drop-down list.
For example, to authenticate names in the Security organization at the Example company, select ou=security,dc=example,dc=com.
Step 9
Optionally, to set a filter that retrieves only specific objects within the directory you specified as the Base DN, type the attribute type, a comparison operator, and the attribute value you want to use as a filter, enclosed in parentheses, in the Base Filter field.
For example, if the user objects in a tree have a physicalDeliveryOfficeName attribute and users in the New York office have an attribute value of NewYork for that attribute, to retrieve only users in the New York office, type (physicalDeliveryOfficeName=NewYork).
Step 10
In the User Name and Password fields, type the distinguished name and password for a user who has sufficient credentials to browse the LDAP server.
For example, if you are connecting to an OpenLDAP server where user objects have a uid attribute and the object for the administrator in the Security division at our example company has a uid value of NetworkAdmin, you might type uid=NetworkAdmin,ou=security,dc=example,dc=com.
Caution
If you are connecting to a Microsoft Active Directory Server, you cannot provide a server user name that ends with the $ character.
Step 11
Retype the password in the Confirm Password field.
Step 12
Optionally, to retrieve users for shell access, type the attribute type you want to filter on in the Shell Access Attribute field.
For example, on a Microsoft Active Directory Server, use the sAMAccountName shell access attribute to retrieve shell access users by typing sAMAccountName in the Shell Access Attribute field.
Note
IPv6 addresses are not supported for shell authentication.
Step 13
In the User Name and Password fields, type the uid value or shell access attribute value and password for the user whose credentials should be used to validate access to the LDAP server. Note, again, that server user names associated with a Microsoft Active Directory Server cannot end with the character $.