Client VPN with AD integration

[stooo]

Hi,

I would like to allow different AD users access to different internal resources based on the AD group they are in e.g. Users in the Admin group get full access, users in another group get access to 1 particular server.

Does anyone have some sample config or a guide on how to do this?

Thanks for your help!

Stu

 

[North323]

radius?

 

[stooo]

Was hoping to do it with LDAP, but can look into using IAS if it need to be radius

 

[North323]

you can do an ldap lookup in radius

 

[stooo]

I dont have a radius server, I have an ASA, and a load of windows servers, including a domain controller

 

[North323]

im sure you can make one of the windoz boxes a radius box.

http://fixingit.wordpress.com/2009/...rver-2008-as-a-radius-server-for-a-cisco-asa/

 

[stooo]

Hi,

That is what IAS does (or NPS in 2008), but I thought you could authenticate directly against a domain contorller?

 

[unclerico]

download this guide to show you how to use LDAP to authenticate/authorize VPN users:

http://www.box.net/shared/ad3bxdhplk

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)