https://community.cisco.com/t5/network-access-control/asa-ldap-test-fail/m-p/1589383#M252623 <P>Hi ,</P><P></P><P>I configured the microsoft ldap authenticaon for vpn user in asa </P><P>when i do test from asa to microsift ad/ldap i get&nbsp; on&nbsp; below error</P><P></P><P>authentication test host to x.x.x.x failed .following error occured</P><P>ERROR :authentication server not responding .AAA server has been removed</P> Mon, 11 Mar 2019 00:49:00 GMT rgk013013 2019-03-11T00:49:00Z https://community.cisco.com/t5/network-access-control/asa-ldap-test-fail/m-p/1589383#M252623 <P>Hi ,</P><P></P><P>I configured the microsoft ldap authenticaon for vpn user in asa </P><P>when i do test from asa to microsift ad/ldap i get&nbsp; on&nbsp; below error</P><P></P><P>authentication test host to x.x.x.x failed .following error occured</P><P>ERROR :authentication server not responding .AAA server has been removed</P> Mon, 11 Mar 2019 00:49:00 GMT https://community.cisco.com/t5/network-access-control/asa-ldap-test-fail/m-p/1589383#M252623 rgk013013 2019-03-11T00:49:00Z https://community.cisco.com/t5/network-access-control/asa-ldap-test-fail/m-p/1589384#M252669 <HTML><HEAD></HEAD><BODY><P><SPAN style="color: #800000;"><BR /></SPAN></P><P><SPAN style="color: #800000;">Please ensure that your LDAP config should look like this, th error you're seeing mainly due to naming-attribute or </SPAN></P><P><SPAN style="color: #800000;"><BR /></SPAN></P><P><SPAN style="color: #800000;">incorrect login-dn format</SPAN></P><P></P><P><SPAN style="color: #800000;">aaa-server LDAP-AD protocol ldap<BR /></SPAN></P><P><SPAN style="color: #800000;">aaa-server LDAP-AD host <IP-OF-WINDOWS-AD><BR /></IP-OF-WINDOWS-AD></SPAN></P><P><SPAN style="color: #800000;"> server-port 389<BR /></SPAN></P><P><SPAN style="color: #800000;"> ldap-base-dn <AD base="" dn=""><BR /></AD></SPAN></P><P><SPAN style="color: #800000;"> ldap-scope subtree<BR /></SPAN></P><P><SPAN style="color: #800000;"> ldap-naming-attribute sAMAccountName<BR /></SPAN></P><P><SPAN style="color: #800000;"> ldap-login-dn <LOGIN user="" dn=""><BR /></LOGIN></SPAN></P><P><SPAN style="color: #800000;"> ldap-login-password <PASSWORD for="" login="" user="" dn=""><BR /></PASSWORD></SPAN></P><P><SPAN style="color: #800000;"> server-type microsoft</SPAN></P><P></P><P></P><P><SPAN style="color: #800000;">Login user DN= username@domain-name</SPAN></P><P></P><P><SPAN style="color: #800000;">If the above suggestion doesn't work then first install and run the softerra browser and&nbsp; see if this admin accounts work for that.</SPAN></P><P><SPAN style="color: #800000;"><A class="jive-link-external-small" href="http://www.ldapadministrator.com/download.htm">http://www.ldapadministrator.com/download.htm</A></SPAN></P><P><SPAN style="color: #800000;">LDAP Browser 2.6</SPAN></P><P></P><P><SPAN style="color: #800000;"><BR /></SPAN></P><P><SPAN style="color: #800000;">Rgds, Jatin</SPAN></P><P><SPAN style="color: #800000;"><BR /></SPAN></P><P><SPAN style="color: #800000;"><BR /></SPAN></P><P><SPAN style="color: #800000;">Do rate helpful posts~<BR /></SPAN></P><P><SPAN style="color: #800000;"><BR /></SPAN></P></BODY></HTML> Fri, 11 Feb 2011 04:26:00 GMT https://community.cisco.com/t5/network-access-control/asa-ldap-test-fail/m-p/1589384#M252669 Jatin Katyal 2011-02-11T04:26:00Z