Adding a user account to the local database, Guidelines – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 35 Configuring AAA Servers and the Local Database

Configuring AAA

hostname(config-ldap-attribute-map)# map-value accessType helpdesk 7
hostname(config-ldap-attribute-map)# aaa-server LDAP protocol ldap
hostname(config-aaa-server-group)# aaa-server LDAP (inside) host 10.1.254.91
hostname(config-aaa-server-host)# ldap-base-dn CN=Users,DC=cisco,DC=local
hostname(config-aaa-server-host)# ldap-scope subtree
hostname(config-aaa-server-host)# ldap-login-password test
hostname(config-aaa-server-host)# ldap-login-dn CN=Administrator,CN=Users,DC=cisco,DC=local
hostname(config-aaa-server-host)# server-type auto-detect
hostname(config-aaa-server-host)# ldap-attribute-map MGMT

The following example shows how to display the complete list of Cisco LDAP attribute names:

hostname(config)# ldap attribute-map att_map_1
hostname(config-ldap-attribute-map)# map-name att_map_1 ?
ldap mode commands/options:
cisco-attribute-names:
  Access-Hours
  Allow-Network-Extension-Mode
  Auth-Service-Type
  Authenticated-User-Idle-Timeout
  Authorization-Required
  Authorization-Type
  :
  :
  X509-Cert-Data
hostname(config-ldap-attribute-map)#

Adding a User Account to the Local Database

This section describes how to manage users in the local database and includes the following topics:

Guidelines

The local database is used for the following features:

- ASDM per-user access
- Console authentication
- Telnet and SSH authentication
- enable command authentication
  This setting is for CLI access only and does not affect the ASDM login.
- Command authorization
  If you turn on command authorization using the local database, then the ASA refers to the user
  privilege level to determine which commands are available. Otherwise, the privilege level is not
  generally used. By default, all commands are either privilege level 0 or level 15.
- Network access authentication
- VPN client authentication

For multiple context mode, you can configure usernames in the system execution space to provide
individual logins at the CLI using the login command; however, you cannot configure any AAA rules
that use the local database in the system execution space.
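The following configuration is an added example, not taken from the configuration guide, that exercises several of the features listed above together: local accounts with distinct privilege levels, console, SSH, ASDM and enable authentication against the local database, and command authorization driven by those privilege levels. The usernames, passwords and the choice of commands lowered to level 7 are assumptions made for illustration; the level-7 helpdesk account mirrors the level that the LDAP attribute map example earlier on this page assigns to accessType "helpdesk", so a user arriving through either path lands on the same command set.

```cisco
! Added example (not from the Cisco guide). Names, passwords and the
! level-7 command choices below are illustrative assumptions.

! Local accounts. privilege 15 is full administrative access; the
! helpdesk account is limited to level 7.
username admin password Adm1n-Example! privilege 15
username helpdesk password H3lp-Example! privilege 7

! Authenticate console, SSH and ASDM (HTTP) logins against the local
! database. LOCAL is the predefined server-group keyword for it.
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL

! Authenticate the enable command against the local database: each user
! enters their own password and is placed at their configured privilege
! level instead of sharing one enable password. CLI only; ASDM is unaffected.
aaa authentication enable console LOCAL

! Lock a local account after five consecutive failed logins.
aaa local authentication attempts max-fail 5

! Lower a few troubleshooting commands to level 7 so the helpdesk user can
! run them without reaching level 15 (assumed choices for the example).
privilege show level 7 mode exec command interface
privilege show level 7 mode exec command logging
privilege cmd level 7 mode exec command packet-tracer

! Turn on command authorization using the local database. From here on the
! ASA checks the user's privilege level before executing every command.
aaa authorization command LOCAL
```

Command authorization takes effect as soon as the last line is entered, so keep the current session open and, before saving with write memory, log in over SSH as each user in a second session: show curpriv reports the username and privilege level the ASA granted, and the helpdesk user should be able to run the reassigned show and packet-tracer commands but be refused configure terminal. If the admin account cannot enter configuration mode, correct the mistake from the still-open session rather than saving a configuration that locks you out.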
