VMware Cloud Community
thorchi
Contributor

vShield SSL VPN Plus AD authentication users

Hi!

I am trying to configure VPN SSL Plus with Active Directory user authentication. I have many users in an AD group. These users are the ones who can access the VPN.

When I try to configure "Login attribute Name" and "Search Filter" for the AD group, I don't know what the correct sentence is. I tried different inputs, but every one is incorrect.

What is the correct format to put in "Login attribute Name" and "Search Filter" for AD group users that can log in to the VPN?

Thanks in advance, regards!!

fhaldimann
Contributor

Hi Thorchi,

Login Attribute Name

The "login attribute name" defines the user attribute you want to use to authenticate the user. This is the user name the user will have to enter in the SSL VPN Plus client connection window.

Example:

  • if you want to use the user name: user1

     -> SAMAccountName

     -> userPrincipalName

Search Filter:

Here you can type in the LDAP query. As you want to check for AD group membership only, this is pretty straightforward:

Example:

You want to allow VPN access only to members of the "vpnusers" group. The vpnusers group itself is located in an Organisational Unit (OU) in the Active Directory domain example.com.

memberOf=%Distinguished name of group%

-> memberOf=CN=vpnusers,OU=RAS,DC=example,DC=com


have fun


fab


P.S: You can get the Distinguished name of AD objects easily through the AD Users & Computers MMC

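As an added example (not part of the reply above or of VMware's documentation), this Python sketch builds the Search Filter value from a group DN with RFC 4515 escaping and evaluates it against constructed sample entries, showing that `memberOf` lists direct group membership only. The helper names, the sample users and the nested "helpdesk" group are assumptions made for illustration.

```python
# Added example (not from the original thread): build the "Search Filter"
# value for a group DN and show which constructed sample users it selects.

# RFC 4515 requires these characters to be escaped inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_search_filter(group_dn: str) -> str:
    """Return the filter in the form used in the answer: memberOf=<group DN>."""
    return "memberOf=" + escape_filter_value(group_dn)


def _norm(dn: str) -> str:
    # Simplified DN comparison (case-insensitive, spaces after commas ignored);
    # a stand-in for the directory's own distinguished-name matching.
    return ",".join(part.strip().lower() for part in dn.split(","))


def allowed_users(entries: dict, group_dn: str) -> list:
    """Users whose memberOf attribute lists group_dn directly."""
    want = _norm(group_dn)
    return sorted(u for u, groups in entries.items()
                  if any(_norm(g) == want for g in groups))


VPN_GROUP = "CN=vpnusers,OU=RAS,DC=example,DC=com"  # DN from the answer

# Constructed sample directory: login name -> memberOf values.
# "helpdesk" is assumed to be nested inside vpnusers, so bob is only an
# indirect member; memberOf on his entry does not list vpnusers.
SAMPLE = {
    "alice": ["CN=vpnusers,OU=RAS,DC=example,DC=com"],
    "bob": ["CN=helpdesk,OU=RAS,DC=example,DC=com"],
    "carol": ["cn=VPNUsers, ou=ras, dc=example, dc=com", "CN=staff,DC=example,DC=com"],
    "dave": [],
}

if __name__ == "__main__":
    print(build_search_filter(VPN_GROUP))
    print(build_search_filter("CN=vpnusers (prod),OU=RAS,DC=example,DC=com"))
    print(allowed_users(SAMPLE, VPN_GROUP))  # bob is not selected
```

Users who reach the VPN group only through a nested group (bob here) are not matched by a plain `memberOf` filter, so they need to be direct members of the group named in the filter.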