Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 74 Configuring Clientless SSL VPN
Understanding How KCD Works
Detailed Steps

Step 1
Command: webvpn
Purpose: Switches to webvpn configuration mode.

Step 2
Command: kcd-server

Step 3
Command: kcd-server aaa-server-group
Example:
ASA(config)# aaa-server KG protocol kerberos
ASA(config)# aaa-server KG (inside) host DC
ASA(config-aaa-server-host)# kerberos-realm test.edu
ASA(webvpn-config)# kcd-server KG username user1 password abc123
ASA(webvpn-config)# no kcd-server
Purpose: Specifies the domain controller name and realm. The AAA server group must be a Kerberos type. Shows sample output.

Step 4 (Optional)
Command: no kcd-server
Purpose: Removes the specified behavior for the ASA.

Step 5 (Optional)
Command: kcd-server reset
Purpose: Resets to the internal state.

Step 6
Command: kcd domain-join username <user> password <pass>
user: Does not correspond to a specific administrative user but simply a user with service-level privileges to add a device on the Windows domain controller.
pass: The password does not correspond to a specific password but simply a user with service-level password privileges to add a device on the Windows domain controller.
Purpose: Checks for the presence of a kcd-server and starts the domain join process. The Active Directory username and password are used only in exec-mode and are not saved in the configuration.
Note: Administrative privileges are required for initial join. A user with service-level privileges on the domain controller will not get access.

Step 7
Command: kcd domain-leave
Purpose: Verifies if the kcd-server command has a valid domain join status and then initiates a domain leave.

Showing KCD Status Information

To display the domain controller information and the domain join status, follow these steps:

Step 1
Command: webvpn
Purpose: Switches to webvpn configuration mode.

Step 2
Command: show webvpn kcd
Example:
ASA# show webvpn kcd
KCD-Server Name: DC
User : user1
Password : ****
KCD State : Joined
Purpose: Displays the domain controller information and the domain join status. Shows sample output returned from this command.
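
The following is an added example, not part of the Cisco guide: a Python check that the group named on the kcd-server line is a Kerberos-type AAA server group with a host defined, and that show webvpn kcd reports a joined state. The function names are hypothetical, the sample inputs are constructed from the examples in this section, and it assumes the saved configuration contains the commands in the form shown above.

```python
import re

# Constructed sample config, modeled on the example commands in this section.
SAMPLE_CONFIG = """\
aaa-server KG protocol kerberos
aaa-server KG (inside) host DC
 kerberos-realm test.edu
aaa-server LD protocol ldap
webvpn
 kcd-server KG username user1 password abc123
"""

# Constructed sample of 'show webvpn kcd' output, in the format shown above.
SAMPLE_STATUS = """\
KCD-Server Name: DC
User : user1
Password : ****
KCD State : Joined
"""

def audit_kcd_config(config):
    """Return a list of findings for the kcd-server line (empty list = OK)."""
    protocols = dict(re.findall(r"^aaa-server (\S+) protocol (\S+)", config, re.M))
    hosts = set(re.findall(r"^aaa-server (\S+) \(\S+\) host \S+", config, re.M))
    m = re.search(r"^[ \t]*kcd-server (\S+)", config, re.M)
    if not m:
        return ["no kcd-server configured"]
    group = m.group(1)
    findings = []
    if group not in protocols:
        findings.append(f"kcd-server references undefined aaa-server group {group}")
    elif protocols[group] != "kerberos":
        findings.append(f"aaa-server group {group} is {protocols[group]}, not kerberos")
    if group not in hosts:
        findings.append(f"aaa-server group {group} has no host (domain controller)")
    return findings

def parse_kcd_status(output):
    """Parse 'show webvpn kcd' output into a dict keyed by field name."""
    fields = {}
    for line in output.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def kcd_joined(output):
    """True only when the KCD State field reads exactly 'Joined'."""
    return parse_kcd_status(output).get("KCD State") == "Joined"
```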