Showing kcd status information – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 74 Configuring Clientless SSL VPN

Understanding How KCD Works

Detailed Steps

Step 1
Command: webvpn
Purpose: Switches to webvpn configuration mode.

Step 2
Command: kcd-server

Step 3
Command: kcd-server aaa-server-group
Example:
    ASA(config)# aaa-server KG protocol kerberos
    ASA(config)# aaa-server KG (inside) host DC
    ASA(config-aaa-server-host)# kerberos-realm test.edu
    ASA(webvpn-config)# kcd-server KG username user1 password abc123
    ASA(webvpn-config)# no kcd-server
Purpose: Specifies the domain controller name and realm. The AAA server group must be a Kerberos type. Shows sample output.

Step 4 (Optional)
Command: no kcd-server
Purpose: Removes the specified behavior for the ASA.

Step 5 (Optional)
Command: kcd-server reset
Purpose: Resets to the internal state.

Step 6
Command: kcd domain-join username <user> password <pass>
    user: Does not correspond to a specific administrative user, but simply a user with service-level privileges to add a device on the Windows domain controller.
    pass: Does not correspond to a specific password, but simply the password of a user with service-level privileges to add a device on the Windows domain controller.
Purpose: Checks for the presence of a kcd-server and starts the domain join process. The Active Directory username and password are used only in exec-mode and are not saved in the configuration.
Note: Administrative privileges are required for initial join. A user with service-level privileges on the domain controller will not get access.

Step 7
Command: kcd domain-leave
Purpose: Verifies that the kcd-server command has a valid domain join status and then initiates a domain leave.

Showing KCD Status Information

To display the domain controller information and the domain join status, use the following commands:

Step 1
Command: webvpn
Purpose: Switches to webvpn configuration mode.

Step 2
Command: show webvpn kcd
Example:
    ASA# show webvpn kcd
    KCD-Server Name: DC
    User           : user1
    Password       : ****
    KCD State      : Joined
Purpose: Displays the domain controller information and the domain join status. Shows sample output returned from this command.
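
An added example, not taken from the Cisco guide: a Python check that a saved configuration and captured show webvpn kcd output meet two conditions stated on this page, namely that the kcd-server AAA server group is a Kerberos type and that the KCD state is Joined. The sample text is constructed from the page's own examples, and the function names parse_kcd_status and audit_kcd are hypothetical.

```python
import re
# Constructed sample input, modelled on the commands and output shown on this page.
SAMPLE_CONFIG = """\
aaa-server KG protocol kerberos
aaa-server KG (inside) host DC
 kerberos-realm test.edu
webvpn
 kcd-server KG username user1 password abc123
"""
SAMPLE_STATUS = """\
KCD-Server Name: DC
User           : user1
Password       : ****
KCD State      : Joined
"""

def parse_kcd_status(text):
    """Return the 'field : value' lines of show webvpn kcd output as a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def audit_kcd(config, status):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    # Map each aaa-server group to its protocol ("aaa-server <group> protocol <proto>").
    protocols = dict(re.findall(r"^aaa-server (\S+) protocol (\S+)", config, re.M))
    # A "no kcd-server" or "kcd-server reset" line does not match this pattern.
    kcd = re.search(r"^[ \t]*kcd-server (\S+) username \S+", config, re.M)
    if kcd is None:
        findings.append("no kcd-server command found")
    else:
        group = kcd.group(1)
        proto = protocols.get(group)
        if proto is None:
            findings.append(f"kcd-server group {group} is not a defined aaa-server group")
        elif proto.lower() != "kerberos":
            findings.append(f"aaa-server group {group} uses {proto}, not kerberos")
    state = parse_kcd_status(status).get("KCD State")
    if state != "Joined":
        findings.append(f"KCD State is {state!r}, expected 'Joined'")
    return findings

if __name__ == "__main__":
    for finding in audit_kcd(SAMPLE_CONFIG, SAMPLE_STATUS) or ["KCD checks passed"]:
        print(finding)
```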
