parda25

LDAP + RSA authentication implementation (3/3)

Blog Post created by parda25 Employee on Mar 13, 2018

Step 3: LDAP configuration and configuring LDAP+RSA on PAM

  1. In the LDAP server, make sure the user's sAMAccountName is the same as the user ID in PAM and in RSA.

  2. In PAM, go to Configuration -> 3rd Party -> LDAP and update Unique Attribute with sAMAccountName= .

[Screenshot: Config -> 3rd Party -> LDAP, Update LDAP Domain DC=pamlab,DC=local, LDAP Configuration tab. Unique Attribute is set to sAMAccountName= (the User Group Object Class, Group Member Attribute and Group Search Filter fields are left unchanged).]

  3. Go to Users -> Manage User Groups and import the LDAP users (by registering their LDAP group) with LDAP+RSA as the authentication type.

[Screenshot: Users -> Manage User Groups in the CA Privileged Access Manager client, with the Provision and group creation buttons.]

[Screenshot: CA PAM LDAP Browser, Register LDAP Groups With The PAM Appliance. The Admins group is selected, Authentication Type: LDAP + RSA, Status: Not Registered. Connected to LDAP domain at 10.131.235.50:636.]

[Screenshot: CA PAM LDAP Browser after Register Groups. Status: Group Registered. "Group imported. 7 Users Processed: 7 New Users, 0 Updated Users, 0 Deleted Users, 0 Failed New Users, 0 Failed Updated Users." Connected to LDAP domain at 10.131.235.50:636.]

  4. Check the user in Users -> Manage Users.

[Screenshot: Update User parda25rsa@pamlab.local, Basic Info tab. User Name: parda25rsa@pamlab.local; User Principal Name: parda25rsa@pamlab.local; SAM Account Name: parda25rsa; Email: user@example.com.]

  5. Log out and log in with LDAP + RSA authentication.

[Screenshot: CA Privileged Access Manager login to 155.35.245.84. Username: parda25rsa, with the Authentication Type drop-down next to the Password field.]

[Screenshot: CA Privileged Access Manager client after logging in as parda25rsa. The User Information panel shows User Name parda25rsa, Email user@example.com and the Last Successful Log-in time.]
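Step 1 (the sAMAccountName must equal the PAM and RSA user IDs) and step 2 (the Unique Attribute prefix sAMAccountName=) are the two places where this setup fails silently if the identifiers drift apart: the LDAP lookup finds no entry, or the RSA token is bound to a different user ID than the one PAM resolved. The script below is an added example, not CA PAM code. It parses a constructed LDIF export, builds the lookup filter from the Unique Attribute prefix under the assumption that the login name is appended to that prefix to form an LDAP search filter (with RFC 4515 escaping of the name), and reports every PAM user ID that does not match an LDAP sAMAccountName and an RSA user ID exactly. The LDIF entries, the PAM and RSA user lists, and all function names are constructed for this example.

```python
"""Pre-flight consistency check for LDAP + RSA logins.

Added example, not CA PAM code.  It assumes (as the post requires) that
the PAM user ID, the RSA user ID and the LDAP sAMAccountName must be the
same string, and it assumes that PAM resolves a login name by appending
it to the configured Unique Attribute prefix ("sAMAccountName=") to form
an LDAP search filter.
"""

# Constructed sample LDIF export; not real directory data.
SAMPLE_LDIF = """\
dn: CN=Daniel Park,OU=Admins,DC=pamlab,DC=local
sAMAccountName: parda25rsa
userPrincipalName: parda25rsa@pamlab.local

dn: CN=Jane Doe,OU=Admins,DC=pamlab,DC=local
sAMAccountName: jdoe
userPrincipalName: jane.doe@pamlab.local

dn: CN=Svc Backup,OU=Service,DC=pamlab,DC=local
sAMAccountName: svc-backup
userPrincipalName: svc-backup@pamlab.local
"""


def parse_ldif(text):
    """Return {sAMAccountName: dn} from a minimal LDIF dump.

    Handles the plain single-line 'attr: value' form only (no line folding,
    no base64 '::' values), which is enough for an attribute export.
    """
    entries = {}
    dn = None
    for line in text.splitlines():
        if not line.strip():
            dn = None          # a blank line ends the current entry
            continue
        attr, _, value = line.partition(":")
        value = value.strip()
        if attr == "dn":
            dn = value
        elif attr.lower() == "samaccountname" and dn is not None:
            entries[value] = dn
    return entries


def ldap_filter_escape(value):
    """Escape RFC 4515 filter metacharacters in an assertion value."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def unique_attribute_filter(prefix, userid):
    """Build the lookup filter from the Unique Attribute prefix and a login name.

    The login name is escaped so that metacharacters in it cannot change
    the meaning of the filter (assumed PAM behaviour, see module docstring).
    """
    if not prefix.endswith("="):
        raise ValueError("Unique Attribute must end with '=', e.g. 'sAMAccountName='")
    return "(" + prefix + ldap_filter_escape(userid) + ")"


def check_mappings(ldap_names, pam_users, rsa_users):
    """Report PAM user IDs that will not resolve cleanly under LDAP + RSA.

    Returns a sorted list of (userid, problem) pairs; an empty list means
    every PAM user ID matches an LDAP sAMAccountName and an RSA user ID
    exactly.  Case-only differences are reported separately because the
    three systems need not agree on case folding.
    """
    ldap_exact = set(ldap_names)
    ldap_ci = {n.lower(): n for n in ldap_names}
    rsa_exact = set(rsa_users)
    rsa_ci = {n.lower(): n for n in rsa_users}
    problems = []
    for uid in pam_users:
        if uid not in ldap_exact:
            if uid.lower() in ldap_ci:
                problems.append((uid, "case differs from LDAP sAMAccountName %r" % ldap_ci[uid.lower()]))
            else:
                problems.append((uid, "no LDAP entry with this sAMAccountName"))
        if uid not in rsa_exact:
            if uid.lower() in rsa_ci:
                problems.append((uid, "case differs from RSA user ID %r" % rsa_ci[uid.lower()]))
            else:
                problems.append((uid, "no RSA user ID; token lookup will fail"))
    return sorted(problems)


if __name__ == "__main__":
    ldap = parse_ldif(SAMPLE_LDIF)
    pam = ["parda25rsa", "jdoe", "ghost"]   # constructed PAM user list
    rsa = ["parda25rsa", "JDOE"]            # constructed RSA user list
    print(unique_attribute_filter("sAMAccountName=", "parda25rsa"))
    for uid, problem in check_mappings(ldap, pam, rsa):
        print("%-12s %s" % (uid, problem))
```

Run it against a real attribute export and the PAM and RSA user lists before registering the group in the LDAP browser: an empty report means every imported user resolves to the same identity in all three systems, and a case-only difference is worth fixing in the directory rather than relying on the other two systems to fold case the same way.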

 

Finished.
