12-3
ASDM User Guide
OL-12180-01
Chapter12 Configuring AAA Servers and User Accounts AAA Server and Local Database Support
•RADIUS Server Support, page 12-3
•TACACS+ Server Support, page 12-4
•SDI Server Support, page 12-4
•NT Server Support, page 12-5
•Kerberos Server Support, page 12-5
•LDAP Server Support, page 12-5
•SSO Support for Clientless SSL VPN with HTTP Forms, page 12-6
•Local Database Support, page 12-6
Summary of SupportTable12-1 summarizes the support for each AAA service by each AAA server type, including the local
database. For more information about support for a specific AAA server type, refer to the topics
following the table.
RADIUS Server SupportThe security appliance supports RADIUS servers.
Table12-1 Summary of AAA Support
AAA Service
Database Type
Local RADIUS TACACS+ SDI NT Kerberos LDAP HTTP
Form
Authentication of...
VPN users Yes Yes Yes Yes Yes Yes Yes Yes1
1. HTTP Form protocol supports single sign-on authentication for Clientless SSL VPN connections only.
Firewall sessions Yes Yes Yes Yes Yes Yes Yes No
Administrators Yes Yes Yes Yes2
2. SDI is not supported for HTTP administrative access.
Yes Yes Yes No
Authorization of...
VPN users Yes Yes No No No No Yes No
Firewall sessions No Yes3
3. For firewall sessions, RADIUS authorization is supported with user-specific access lists only, which are received or
specified in a RADIUS authentication response.
Yes NoNoNo NoNo
Administrators Yes4
4. Local command authorization is supported by privilege level only.
No Yes NoNoNo NoNo
Accounting of...
VPN connections No Yes Yes No No No No No
Firewall sessions No Yes Yes No No No No No
Administrators No Yes5
5. Command accounting is available for TACACS+ only.
Yes NoNoNo NoNo