https://community.cisco.com/t5/network-access-control/ise-2-4-patch-11-secure-ldap-problem/m-p/4076282#M559963 <P>Is there any use guide with troubleshooting that we can use to implement secure ldap on ISE 2.4!</P> Wed, 29 Apr 2020 11:51:12 GMT Moudar 2020-04-29T11:51:12Z https://community.cisco.com/t5/network-access-control/ise-2-4-patch-11-secure-ldap-problem/m-p/4076268#M559962 <P>Trying to start using Secure LDAP but the problem is that when we test bind to server we get this massage:"<STRONG>ldap bind ended with an error</STRONG>"&nbsp;</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="ise error.PNG" style="width: 448px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/73290iDFA2EF4DC38E4764/image-size/large?v=v2&amp;px=999" role="button" title="ise error.PNG" alt="ise error.PNG" /></span></P><P>&nbsp;</P><P>any ideas!?</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 29 Apr 2020 11:13:34 GMT https://community.cisco.com/t5/network-access-control/ise-2-4-patch-11-secure-ldap-problem/m-p/4076268#M559962 Moudar 2020-04-29T11:13:34Z https://community.cisco.com/t5/network-access-control/ise-2-4-patch-11-secure-ldap-problem/m-p/4076282#M559963 <P>Is there any use guide with troubleshooting that we can use to implement secure ldap on ISE 2.4!</P> Wed, 29 Apr 2020 11:51:12 GMT https://community.cisco.com/t5/network-access-control/ise-2-4-patch-11-secure-ldap-problem/m-p/4076282#M559963 Moudar 2020-04-29T11:51:12Z https://community.cisco.com/t5/network-access-control/ise-2-4-patch-11-secure-ldap-problem/m-p/4076537#M559979 I don't have a guide for this, but ensure that your are using the correct CA cert selections in the connection tab of the LDAP connector. Both sides need to trust each other. <BR /><BR />There is also a section in the 2.6 admin guide that indicates what settings need to be enabled for certain ISE features to function. Look under the section titled "Configure Security Settings" which directs you to Administration &gt; System &gt; Settings &gt; Security Settings in the GUI. <BR /><A href="https://www.cisco.com/c/en/us/td/docs/security/ise/2-6/admin_guide/b_ise_admin_guide_26/b_ise_admin_guide_26_chapter_010010.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/ise/2-6/admin_guide/b_ise_admin_guide_26/b_ise_admin_guide_26_chapter_010010.html</A><BR /><BR />Someone else had suggested that you could enable debugs for prrt-JNI, AAA-runtime, AAA-config, then check the prrt-server.log file for more information on the errors. <BR /><BR />Lastly, there is this terminated bug which indicates that ISE might not support mutual cert secure ldap authentication. I'm not sure if it still applies or not. <BR /><A href="https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj82754" target="_blank">https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj82754</A><BR /> Wed, 29 Apr 2020 17:36:25 GMT https://community.cisco.com/t5/network-access-control/ise-2-4-patch-11-secure-ldap-problem/m-p/4076537#M559979 Damien Miller 2020-04-29T17:36:25Z https://community.cisco.com/t5/network-access-control/ise-2-4-patch-11-secure-ldap-problem/m-p/4077015#M559995 <P>is there any way to make sure that there is a trust between the two, what we know is that there is a trust but how to make sure?</P> Thu, 30 Apr 2020 09:23:26 GMT https://community.cisco.com/t5/network-access-control/ise-2-4-patch-11-secure-ldap-problem/m-p/4077015#M559995 Moudar 2020-04-30T09:23:26Z https://community.cisco.com/t5/network-access-control/ise-2-4-patch-11-secure-ldap-problem/m-p/4078255#M560052 <P><A id="link_21" class="lia-link-navigation lia-page-link lia-user-name-link" href="https://community.cisco.com/t5/user/viewprofilepage/user-id/320219" target="_self"><SPAN class="">Damien Miller</SPAN></A>&nbsp;already gave some info on troubleshooting.</P> <P>In case you are using the LDAPS from Google G-Suite or the like, that is not currently supported. Also, the LDAPS in ISE supports for encryption only but not for mutual authentication. The root CA of the LDAP server needs imported into ISE trusted certificates and trusted for client authentications.</P> Sat, 02 May 2020 05:10:15 GMT https://community.cisco.com/t5/network-access-control/ise-2-4-patch-11-secure-ldap-problem/m-p/4078255#M560052 hslai 2020-05-02T05:10:15Z https://community.cisco.com/t5/network-access-control/ise-2-4-patch-11-secure-ldap-problem/m-p/4078860#M560078 <P>Take a packet capture on ISE with the filer " ip host &lt;<EM>ip address of LDAP server</EM>&gt; and check if the handshake between the two is completing or not.</P> Mon, 04 May 2020 10:43:36 GMT https://community.cisco.com/t5/network-access-control/ise-2-4-patch-11-secure-ldap-problem/m-p/4078860#M560078 poongarg 2020-05-04T10:43:36Z https://community.cisco.com/t5/network-access-control/ise-2-4-patch-11-secure-ldap-problem/m-p/4272254#M564782 <P>Thanks&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/113005">@hslai</a>&nbsp;</P><P>&nbsp;</P><P>Is this still the case with newer ISE version?</P><P>&nbsp;</P><P>I will probably ask a feature request to our Cisco representative but can you suggest if there is a specific internal reference for this feature?</P> Thu, 14 Jan 2021 10:47:01 GMT https://community.cisco.com/t5/network-access-control/ise-2-4-patch-11-secure-ldap-problem/m-p/4272254#M564782 giovanni.augusto 2021-01-14T10:47:01Z