https://community.cisco.com/t5/network-access-control/another-ldap-authentication-failure/m-p/2208836#M160493 <HTML><HEAD></HEAD><BODY><P>could you please attach the output of show run aaa-server.</P><P></P><P>Also, it would be worth to see at server &gt; event viewer logs about the reject reason.</P><P></P><P>Jatin Katyal <BR /> <BR /> <BR />- Do rate helpful posts -</P></BODY></HTML> Thu, 02 May 2013 15:19:59 GMT Jatin Katyal 2013-05-02T15:19:59Z https://community.cisco.com/t5/network-access-control/another-ldap-authentication-failure/m-p/2208835#M160488 <P>I am attempting to setup LDAP authentication for my ASA, along with the AD Agent.&nbsp; Currently my authentication is failing with the following output from debug...</P><P></P><P></P><P></P><P>[-2147483610] Session Start</P><P>[-2147483610] New request Session, context 0xcc854d8c, reqType = Authentication</P><P>[-2147483610] Fiber started</P><P>[-2147483610] Creating LDAP context with uri=ldap://10.11.1.15:389</P><P>[-2147483610] Connect to LDAP server: </P><P><A href="https://community.cisco.com/" target="_blank">ldap://10.11.1.15:389</A></P><P>, status = Successful</P><P>[-2147483610] supportedLDAPVersion: value = 3</P><P>[-2147483610] supportedLDAPVersion: value = 2</P><P>[-2147483610] Binding as Sargent\</P><P>[-2147483610] Performing Simple authentication for Sargent\ to 10.11.1.15</P><P>[-2147483610] LDAP Search:</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Base DN = [DC=city,DC=charlottesville,DC=org]</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Filter&nbsp; = [sAMAccount=sargentm]</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Scope&nbsp;&nbsp; = [SUBTREE]</P><P>[-2147483610] Search result parsing returned failure status</P><P>[-2147483610] Fiber exit Tx=308 bytes Rx=677 bytes, status=-1</P><P>[-2147483610] Session End</P><P>ERROR: Authentication Rejected: Unspecified</P><P></P><P>I can however perform successful queries to AD etc. using the following commands.</P><P></P><P>show user-identity ad-users city.charlottesville.org filter sargentm</P><P></P><P>Ideas?</P> Mon, 11 Mar 2019 03:23:11 GMT https://community.cisco.com/t5/network-access-control/another-ldap-authentication-failure/m-p/2208835#M160488 noc-cville 2019-03-11T03:23:11Z https://community.cisco.com/t5/network-access-control/another-ldap-authentication-failure/m-p/2208836#M160493 <HTML><HEAD></HEAD><BODY><P>could you please attach the output of show run aaa-server.</P><P></P><P>Also, it would be worth to see at server &gt; event viewer logs about the reject reason.</P><P></P><P>Jatin Katyal <BR /> <BR /> <BR />- Do rate helpful posts -</P></BODY></HTML> Thu, 02 May 2013 15:19:59 GMT https://community.cisco.com/t5/network-access-control/another-ldap-authentication-failure/m-p/2208836#M160493 Jatin Katyal 2013-05-02T15:19:59Z https://community.cisco.com/t5/network-access-control/another-ldap-authentication-failure/m-p/2208837#M160497 <HTML><HEAD></HEAD><BODY><P>aaa-server CityDC protocol ldap</P><P>aaa-server CityDC (outside) host citydc01.city.charlottesville.org</P><P> server-port 389</P><P> ldap-base-dn DC=charlottesville,DC=org</P><P> ldap-group-base-dn DC=city,DC=charlottesville,DC=org</P><P> ldap-scope subtree</P><P> ldap-naming-attribute sAMAccount</P><P> ldap-login-password *****</P><P> ldap-login-dn CN=Administrator,CN=Users,DC=city,DC=charlottesville,DC=org</P><P> server-type microsoft</P><P>aaa-server CityDC (outside) host citydc1.city.charlottesville.org</P><P> server-port 389</P><P> ldap-base-dn DC=charlottesville,DC=org</P><P> ldap-group-base-dn DC=city,DC=charlottesville,DC=org</P><P> ldap-scope subtree</P><P> ldap-naming-attribute sAMAccount</P><P> ldap-login-password *****</P><P> ldap-login-dn CN=Administrator,CN=Users,DC=city,DC=charlottesville,DC=org</P><P> server-type microsoft</P><P>aaa-server CityAgent protocol radius</P><P> ad-agent-mode</P><P>aaa-server CityAgent (outside) host 10.11.1.203</P><P> key *****</P></BODY></HTML> Thu, 02 May 2013 15:54:20 GMT https://community.cisco.com/t5/network-access-control/another-ldap-authentication-failure/m-p/2208837#M160497 noc-cville 2013-05-02T15:54:20Z https://community.cisco.com/t5/network-access-control/another-ldap-authentication-failure/m-p/2208838#M160501 <HTML><HEAD></HEAD><BODY><P>Replace the below listed command inside the server parameters:</P><P></P><P><STRONG>ldap-naming-attribute sAMAccount</STRONG></P><P></P><P>With</P><P><STRONG>ldap-naming-attribute sAMAccountName</STRONG></P><P></P><P>Note: the sAMAccountName is incorrectly configured.</P><P></P><P>Jatin Katyal <BR /> <BR />- Do rate helpful posts -</P></BODY></HTML> Thu, 02 May 2013 16:00:32 GMT https://community.cisco.com/t5/network-access-control/another-ldap-authentication-failure/m-p/2208838#M160501 Jatin Katyal 2013-05-02T16:00:32Z https://community.cisco.com/t5/network-access-control/another-ldap-authentication-failure/m-p/2208839#M160507 <HTML><HEAD></HEAD><BODY><P> THanks...I figured it was something simple I was overlooking.&nbsp; That was the problem.</P></BODY></HTML> Thu, 02 May 2013 17:07:42 GMT https://community.cisco.com/t5/network-access-control/another-ldap-authentication-failure/m-p/2208839#M160507 noc-cville 2013-05-02T17:07:42Z https://community.cisco.com/t5/network-access-control/another-ldap-authentication-failure/m-p/2208840#M160510 <HTML><HEAD></HEAD><BODY><P>It's LDAP so it's expected <SPAN __jive_emoticon_name="wink" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/wink.gif"></SPAN></P><P></P><P>Jatin Katyal <BR /> <BR /> <BR />- Do rate helpful posts -</P></BODY></HTML> Thu, 02 May 2013 17:51:05 GMT https://community.cisco.com/t5/network-access-control/another-ldap-authentication-failure/m-p/2208840#M160510 Jatin Katyal 2013-05-02T17:51:05Z