MAVIS LDAP. Windows Server 2012 configuration


Brief Plan


Create AD user for the ldap connection

Create User

User Password. Best Practice

Use this user ONLY for authentication between LDAP and tacacsgui. It is also recommended to enable the Password never expires option.

Test Connection to ldap server

In the example below we use the same user that we used for the LDAP connection. The RESULT NAK is OK, because the user does not match any TACACS group.

Test Authentication

Configure Tacacs user group!

Add a TACACS user group. The group must have the same name as one of the AD groups (CN) that the user belongs to, or the AD group must be added inside the TACACS user group. How to add Tacacs User Group?

Try to authenticate AD user.

As you can see, the test authentication process returns a success message – RESULT ACK. The output also shows that the user is a member of the ldap_main group for the tacacs daemon – TACMEMBER “ldap_main”.
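When a test returns NAK, it helps to check which of the user's AD groups would actually map to a TACACS group. The sketch below is an added example, not MAVIS or tacacsgui code: it is a simplified model of the matching rule described above, and it assumes exact-name comparison and a correct password; the DNs and every group name except ldap_main are constructed.

```python
# Added example: simplified model of the group match, not MAVIS or tacacsgui code.

def first_rdn_value(dn):
    """Return the value of the leading RDN if it is a CN, else None.
    Handles RFC 4514 backslash escapes (e.g. 'CN=Ops\\, Network,OU=...')."""
    out, i, n = [], 0, len(dn)
    while i < n:
        ch = dn[i]
        if ch == "\\" and i + 1 < n:
            pair = dn[i + 1:i + 3]
            if len(pair) == 2 and all(c in "0123456789abcdefABCDEF" for c in pair):
                out.append(chr(int(pair, 16)))   # hex escape such as \2C
                i += 3
            else:
                out.append(dn[i + 1])            # escaped special such as \,
                i += 2
            continue
        if ch == ",":                            # unescaped comma ends the first RDN
            break
        out.append(ch)
        i += 1
    attr, sep, value = "".join(out).partition("=")
    return value if sep and attr.strip().lower() == "cn" else None

def tacmember(member_of, tacacs_groups):
    """member_of: memberOf DNs of the AD user.
    tacacs_groups: {TACACS group name: set of AD group CNs added inside it}.
    Returns the sorted TACACS group names the user maps to."""
    cns = {cn for cn in map(first_rdn_value, member_of) if cn}
    return sorted(name for name, inner in tacacs_groups.items()
                  if name in cns or cns & set(inner))

def result(member_of, tacacs_groups):
    """ACK when at least one group matches (password assumed correct), else NAK."""
    return "ACK" if tacmember(member_of, tacacs_groups) else "NAK"

# Constructed sample data (names other than ldap_main are hypothetical).
SERVICE_ACCOUNT = ["CN=Domain Users,CN=Users,DC=example,DC=local"]
ADMIN_USER = ["CN=ldap_main,OU=Groups,DC=example,DC=local",
              "CN=Ops\\, Network,OU=Groups,DC=example,DC=local"]
GROUPS = {"ldap_main": set(), "netops": {"Ops, Network"}}

if __name__ == "__main__":
    print(result(SERVICE_ACCOUNT, GROUPS), tacmember(SERVICE_ACCOUNT, GROUPS))
    print(result(ADMIN_USER, GROUPS), tacmember(ADMIN_USER, GROUPS))
```

The service account maps to no group and models the expected NAK from the connection test, while the second user matches both by group name and by an AD group listed inside a TACACS group.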

If you see RESULT ACK, it is a good time to check your configuration on real devices.

Author: Alexey Mochalin; Created at: 2018-11-23 14:19:11; Updated at: 2018-12-17 16:21:47