I had a heck of a time figuring out how to set this up. Cisco’s documentation related to LDAP authentication is all over the place and there isn’t one article that describes just this. If you want to use Microsoft Active Directory to authenticate users locally logging in to the ASA and give them privileged exec access based on a Group, here are the steps.
These steps assume you are using ASDM, but I have attached the CLI equivalents as well.
- Create a group in Active Directory that will be used to define access to the ASA. I.e. ASA Admins.
- Create a service account (password not expiring unless you want to change it in AD and your ASA every month) that will be used by the ASA to bind with AD.
1. Log in to the ASA with ASDM (CLI steps below)
2. Go to Device…
View original post 1,113 more words