Hi all, I have a problem with LDAP authentication. I have a Cisco ASA 5510 and a Windows 2008 R2 server, and I created LDAP authentication:

```
aaa-server LDAPGROUP protocol ldap
aaa-server LDAPGROUP (inside) host 10.0.1.30
 server-port 389
 ldap-base-dn dc=reseaux,dc=local
 ldap-naming-attribute sAMAccount
```

- It downloads and stores the Active Directory database to query for future authorization requests.
- It redirects requests to the Active Directory server defined for the VPN group.

Answer: A

Explanation: When the ASA needs to authenticate a user to the configured LDAP server, it first tries to log in using the login DN provided.
KB ID 0000685
Problem
Note: The procedure is the same for Server 2016 and 2019
This week I was configuring some 2008 R2 RADIUS authentication, so I thought I’d take a look at how Microsoft have changed the process for 2012. The whole thing was surprisingly painless.
I will say that Kerberos Authentication is a LOT easier to configure, but I’ve yet to test that with 2012, (watch this space).
Solution
Step 1 Configure the ASA for AAA RADIUS Authentication
1. Connect to your ASDM, > Configuration.
2. Remote Access VPN.
3. AAA Local Users > AAA Server Groups.
4. In the Server group section > Add.
5. Give the group a name and accept the defaults > OK.
6. Now (with the group selected) > In the bottom (Server) section > Add.
7. Specify the IP address, and a shared secret that the ASA will use with the 2012 Server performing RADIUS > OK.
8. Apply.
Configure AAA RADIUS from command line;
Step 2 Configure Windows 2012 Server to allow RADIUS
9. On the Windows 2012 Server > Launch Server Manager > Local Server.
10. Manage > Add Roles and Features.
11. If you get an initial welcome page, tick the box to ‘skip’ > Next > Accept the ‘Role based or feature based installation’ > Next.
12. We are installing locally > Next.
13. Add ‘Network Policy and Access Server’ > Next.
14. Add Features.
15. Next.
16. Next.
17. Next.
18. Install.
19. When complete > Close.
20. Select NPAS (Server 2016), or NAP (Server 2012).
21. Right click the server > Network Policy Server.
22. Right click NPS > Register server in Active Directory.
23. Expand RADIUS > right click RADIUS clients > New.
24. Give the firewall a friendly name, (take note of what this is, you will need it again) > Specify its IP > Enter the shared secret you setup above (number 7) > OK.
25. Expand policies > right click ‘Connection Request Policies’ > New.
26. Give the policy a name > Next.
27. Add a condition > Set the condition to ‘Client Friendly Name’ > Add.
28. Specify the name you set up above (number 24) > OK > Next.
29. Next.
30. Next.
31. Change the attribute to ‘User-Name’ > Next.
32. Finish.
33. Now right click ‘Network Policies’ > New.
34. Give the policy a name > Next.
35. Add a condition > User Groups.
36. Add in the AD security group you want to allow access to > OK > Next.
37. Next.
38. Access Granted > Next.
39. Select ‘Unencrypted authentication (PAP, SPAP)’ > Next.
40. Select No.
41. Next.
42. Next.
43. Finish.
Step 3 Test RADIUS Authentication
44. Back at the ASDM, in the same page you were in previously, select your server and then click ‘Test’.
45. Change the selection to Authentication > Enter your domain credentials > OK.
46. You are looking for a successful outcome.
Note: if it fails, check that there is physical connectivity between the two devices and that the shared secrets match. Also ensure UDP ports 1645 and 1646 are not being blocked.
To Test AAA RADIUS Authentication from Command Line
```
test aaa-server authentication PNL-RADIUS host 172.16.254.223 username petelong password password123
```
47. Finally, save the firewall changes > File > Save running configuration to flash.
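Step 39 selects unencrypted authentication (PAP), and the test note above says the shared secrets on the ASA and the NPS server must match. The following added example (it is not code from the original article, nor Cisco or Microsoft code) shows what both of those mean on the wire: it builds the RFC 2865 Access-Request the ASA would send, with the User-Password hidden by an MD5 keystream derived from the shared secret and the request authenticator, and then performs the NPS-side check that recovers the password and accepts or rejects. `SHARED_SECRET`, `NAS_IP`, `USER_DB` and the credentials are constructed sample values, not values from the article.

```python
"""RFC 2865 PAP exchange in miniature: ASA-side Access-Request, NPS-side check.

Added example, not code from the original article or from Cisco/Microsoft.
SHARED_SECRET, USER_DB, NAS_IP and the credentials are constructed sample values.
"""
import hashlib
import os
import struct

CODE_ACCESS_REQUEST = 1
CODE_ACCESS_ACCEPT = 2
CODE_ACCESS_REJECT = 3
ATTR_USER_NAME = 1
ATTR_USER_PASSWORD = 2
ATTR_NAS_IP_ADDRESS = 4

# Constructed sample values (hypothetical, not from the article).
SHARED_SECRET = b"a-long-random-shared-secret"
NAS_IP = "172.16.254.1"
USER_DB = {"petelong": "password123"}  # what the server side holds for the account


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding.

    The password is null-padded to a multiple of 16 bytes, then each block is
    XORed with MD5(secret + previous ciphertext block); the first block uses the
    16-byte Request Authenticator.  The keystream depends only on the shared
    secret, so anyone holding the secret can undo it: this is obfuscation keyed
    by the secret, not encryption with a per-session key.
    """
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = bytearray(), authenticator
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        out += block
        prev = block
    return bytes(out)


def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_password; the trailing null padding is stripped."""
    out, prev = bytearray(), authenticator
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, keystream))
        prev = block
    return bytes(out).rstrip(b"\x00")


def _attr(attr_type: int, value: bytes) -> bytes:
    """One RADIUS attribute: Type, Length (including this 2-byte header), Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(identifier, username, password, secret, nas_ip, authenticator=None):
    """The Access-Request the NAS (the ASA) sends to the RADIUS server (NPS)."""
    authenticator = authenticator if authenticator is not None else os.urandom(16)
    attrs = (_attr(ATTR_USER_NAME, username.encode())
             + _attr(ATTR_USER_PASSWORD, hide_password(password.encode(), secret, authenticator))
             + _attr(ATTR_NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split("."))))
    header = struct.pack("!BBH", CODE_ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + authenticator + attrs


def parse_attributes(data: bytes) -> dict:
    """Walk the TLV list; a malformed length ends parsing instead of over-reading."""
    attrs, i = {}, 0
    while i + 2 <= len(data):
        attr_type, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            break
        attrs[attr_type] = data[i + 2:i + length]
        i += length
    return attrs


def server_authenticate(packet: bytes, secret: bytes, user_db: dict) -> int:
    """Server side: recover the password with its own copy of the shared secret and
    compare it with the stored credential.  A secret that differs on either side
    yields garbage and therefore a reject, which is why troubleshooting starts with
    'do the shared secrets match'."""
    if len(packet) < 20:
        return CODE_ACCESS_REJECT
    code, _identifier, length = struct.unpack("!BBH", packet[:4])
    if code != CODE_ACCESS_REQUEST or length != len(packet):
        return CODE_ACCESS_REJECT
    authenticator = packet[4:20]
    attrs = parse_attributes(packet[20:length])
    if ATTR_USER_NAME not in attrs or ATTR_USER_PASSWORD not in attrs:
        return CODE_ACCESS_REJECT
    username = attrs[ATTR_USER_NAME].decode("utf-8", errors="replace")
    password = unhide_password(attrs[ATTR_USER_PASSWORD], secret, authenticator)
    expected = user_db.get(username)
    if expected is not None and password == expected.encode():
        return CODE_ACCESS_ACCEPT
    return CODE_ACCESS_REJECT


if __name__ == "__main__":
    req = build_access_request(1, "petelong", "password123", SHARED_SECRET, NAS_IP)
    print("matching secret  :", server_authenticate(req, SHARED_SECRET, USER_DB))       # 2 = Access-Accept
    print("mismatched secret:", server_authenticate(req, b"typo-on-one-side", USER_DB))  # 3 = Access-Reject
```

The point to take from the design: with PAP the only thing standing between a captured Access-Request and the clear-text password is the shared secret and the MD5 construction above, so the secret should be long and random, and the ASA-to-NPS path (UDP 1645/1646 here) should be a trusted network segment rather than something crossing untrusted links.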
Job Description
- Responsible for day-to-day administration duties including Windows Active Directory object maintenance. Conducts complex troubleshooting and repair tasks on Active Directory, Windows Server 2008-2019, Domain Controllers, DNS, user authentication and other operational systems as needed.
- Writes scripts utilizing Directory Services to provide Identity Management and User/Group management tools utilizing Active Directory as the backbone for the Identity Access Management implementation.
- Provides technical review of existing implementations and administrative practices (account and network administration, GPOs, OUs, DNS, etc.)
- Administers User, Group and Computer objects and creates Group Policy using the Group Policy Management Console.
- Participates in data cleansing efforts including remediation of duplicate user IDs, Directory Information Tree (DIT) redesign and modification recommendations, consolidation of Group Policy Objects, and implementation of access restrictions and auditing.
- Provides basic training and support for design and administrative team members.
- Experience in Windows deployment solutions (SCCM, Ghost, etc.).
- Serves as in-house expert on best practices and efficient solutions supporting the Identity and Access Management (IAM) strategy to ensure proper implementation and leveraging of the Identity Management solutions.
- Establishes service specifications to other systems including permissions modification, deletion, role definitions, reclassification and other similar access management related functions.
- Maintains the enterprise identity management infrastructure and performs considerable work in the development and implementation of workflows and data integration/transformations in an identity management system.
Qualifications:
Minimum Requirements
- Microsoft Certified Solutions Associate (MCSA)
- Microsoft Certified Solutions Expert (MCSE)
Preferred:
- Ability to install, configure and troubleshoot Active Directory and DNS for Active Directory, as well as skills necessary for Group Policy and Active Directory Security solutions.
- Heavy Active Directory and Directory Services knowledge necessary.
- Hands-on project experience designing and implementing custom identity workflows, resource provisioning and role based access controls.
- Working experience of the Lightweight Directory Access Protocol (LDAP).
- Working experience of operating-system administration skills of Windows Server 2008-2019.
- Specific training and certifications are a plus.
- PowerShell, VBScript and JavaScript scripting are a plus.