Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 48 Managing Users
Managing Authentication Objects
The test output lists valid and invalid user names. Valid user names are unique, and can include
underscores (_), periods (.), and hyphens (-), but otherwise only alphanumeric characters are supported.
Invalid user names are user names containing other non-alphanumeric characters, such as spaces.
Note that testing the connection to servers with more than 1000 users only returns 1000 users because
of web interface page size limitations.
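A way to pre-check a directory export against the user name rule and the 1000-user limit described above before running the test. This is an added example, not part of the Cisco guide; the LDIF sample, the function names, ASCII-only matching and exact-match uniqueness are assumptions.

```python
import base64
import re

# Rule from the guide: alphanumerics (assumed ASCII) plus "_", "." and "-".
VALID_NAME = re.compile(r"[A-Za-z0-9_.-]+")
PAGE_LIMIT = 1000  # the test output lists at most 1000 users
# Constructed sample LDIF export (not from the guide).
SAMPLE_LDIF = """\
dn: uid=JSmith,ou=people,dc=example,dc=com
uid: JSmith

dn: uid=ana.lopez-1,ou=people,dc=example,dc=com
uid: ana.lo
 pez-1

dn: cn=backup,ou=people,dc=example,dc=com
uid: svc backup

dn: cn=copy,ou=people,dc=example,dc=com
uid: JSmith

dn: cn=encoded,ou=people,dc=example,dc=com
uid:: am9zw6k=
"""

def uid_values(ldif_text, attr="uid"):
    """Yield values of `attr` from LDIF text, handling folded and base64 lines."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)  # join RFC 2849 continuation lines
    for line in unfolded.splitlines():
        name, sep, rest = line.partition(":")
        if not sep or name.lower() != attr.lower():
            continue
        if rest.startswith(":"):  # "uid:: <base64>" form
            yield base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            yield rest.lstrip(" ")  # keep trailing spaces so they are flagged

def audit(names):
    """Sort names into valid, invalid and duplicate lists per the guide's rule."""
    names = list(names)
    report = {"valid": [], "invalid": [], "duplicate": [],
              "truncated": len(names) > PAGE_LIMIT}
    for name in names:
        if not VALID_NAME.fullmatch(name):
            report["invalid"].append(name)
        elif name in report["valid"]:  # assumption: exact-match uniqueness
            report["duplicate"].append(name)
        else:
            report["valid"].append(name)
    return report
```

Calling `audit(uid_values(SAMPLE_LDIF))` returns the names grouped by outcome, with `truncated` set when more than 1000 names were supplied.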
Tip
If you mistype the name or password of the test user, the test fails even if the server configuration is
correct. Test the server configuration without the additional test parameters first. If that succeeds, supply
a user name and password to test with the specific user.
To test user authentication:
Access: Admin
Step 1
In the User Name and Password fields, type the uid value or shell access attribute value and password for
the user whose credentials should be used to validate access to the LDAP server.
For example, to test to see if you can retrieve the JSmith user credentials at the Example company, type JSmith.
Step 2
Click Test.
A message appears, either indicating success of the test or detailing what settings are missing or need to
be corrected. You have two options:
• If the test succeeds, the test output appears at the bottom of the page. Click Save. The Login
Authentication page appears, with the new object listed.
To enable LDAP authentication using the object on an appliance, you must apply a system policy
with that object enabled to the appliance. For more information, see
and
• If the test fails, see
for suggestions for
troubleshooting the connection. Note that the error message that appears indicates what caused the
connection to fail.
LDAP Authentication Object Examples
License: Any
The following sections provide an example of LDAP configuration using basic settings and an example
using more advanced configuration options:
Example: Basic LDAP Configuration
License: Any
The following figure illustrates a basic configuration of an LDAP login authentication object for a
Microsoft Active Directory Server. The LDAP server in this example has an IP address of 10.11.3.4. The
connection uses port 389 for access.