MAVIS LDAP. Windows Server 2012 configuration
Brief Plan
Create an AD user for the LDAP connection
User Password. Best Practice
Use this user ONLY for authentication between LDAP and tacacsgui. It is also recommended to enable the Password never expires option.
Test Connection to LDAP server
In the example below we use the same user that we used for the LDAP connection. The RESULT NAK is OK, because the user does not match any tacacs group.
Test Authentication
Configure Tacacs user group!
Add a Tacacs user group. The group must have the same name as one of the AD groups (CN) that the user belongs to, or the AD group must be added inside the tacacs user group. How to add Tacacs User Group?
Try to authenticate the AD user.
As you can see, the test authentication process returns a success message – RESULT ACK. The output also shows that the user is a member of the ldap_main group for the tacacs daemon – TACMEMBER "ldap_main".
If you see RESULT ACK, it is a good time to check your configuration on real devices.
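The group-matching rule from the "Configure Tacacs user group" step, as an added example (not tacacsgui or MAVIS code): given a user's AD group DNs, as found in the AD memberOf attribute, it reports which tacacs user groups the user would map to. The sample DNs, the `noc` and `helpdesk` groups and the exact, case-sensitive name comparison are assumptions; an empty result corresponds to the RESULT NAK case in the connection test.

```python
import re

def split_dn(dn):
    """Split a DN into RDNs, keeping backslash-escaped commas inside a value."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]          # copy the escape pair untouched
            i += 2
        elif dn[i] == ",":
            parts.append(cur.strip())   # an unescaped comma ends the RDN
            cur = ""
            i += 1
        else:
            cur += dn[i]
            i += 1
    parts.append(cur.strip())
    return parts

def group_cn(dn):
    """Return the unescaped CN of a group DN, or None if the first RDN is not a CN."""
    attr, _, value = split_dn(dn)[0].partition("=")
    if attr.strip().upper() != "CN":
        return None
    # Decode \2C style hex escapes and \, style character escapes (ASCII names assumed).
    return re.sub(
        r"\\([0-9A-Fa-f]{2}|.)",
        lambda m: chr(int(m.group(1), 16)) if len(m.group(1)) == 2 else m.group(1),
        value)

def tacacs_groups_for(member_of, tacacs_groups):
    """tacacs_groups maps a tacacs group name to the AD group CNs added inside it.
    A group matches if its own name equals an AD group CN, or if one of the
    AD groups added inside it is among the user's groups (exact match: assumption)."""
    cns = {group_cn(dn) for dn in member_of} - {None}
    return [name for name, mapped in tacacs_groups.items()
            if name in cns or cns & set(mapped)]

# Constructed sample data, not taken from a real directory.
MEMBER_OF = [
    "CN=ldap_main,OU=Groups,DC=example,DC=local",
    "CN=Net\\, Admins,OU=Groups,DC=example,DC=local",
    "CN=Domain Users,CN=Users,DC=example,DC=local",
]
TACACS_GROUPS = {"ldap_main": [], "noc": ["Net, Admins"], "helpdesk": []}

if __name__ == "__main__":
    print(tacacs_groups_for(MEMBER_OF, TACACS_GROUPS))
```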
Author: Alexey Mochalin;
Created at: 2018-11-23 14:19:11;
Updated at: 2018-12-17 16:21:47