ACS & LDAP configuration

dopenfield
Level 1

I'm trying to configure our ACS 3.x server to use Generic LDAP. I'm getting this error in the failed attempts report: "External DB reports error condition".

Can anyone offer help on how to troubleshoot from that error message?

Is there a way to log what is being returned from the LDAP server? The server admin is new and I have some concerns about info I'm getting from him.

4 Replies

tcross3
Level 1

You might want to download a program called ntradping. It will enable you to do RADIUS queries from your PC to a RADIUS server, and it has a response window so you can see all the errors going on. Or you can set up a sniffer and sniff all the packets between the ACS and LDAP server.

eholcombe
Level 1

Check your password on the ACS; that's under the LDAP setup.

alian2000
Level 1

I think there is a problem with the Cisco ACS.

I have the same problem and I am getting the same error you got. I opened a ticket with Cisco and they have been working on it for the past 5 days (most likely it's a bug).

I have the ACS working fine with AD2003 when I have VPN users (going to the PIX, then to the ACS and then to the AD).

The problem I have is when an 802.1x client (XP station) sends the EAP traffic to the 6513 and then the ACS, and it then gets forwarded to the AD2003: it fails with the error you mentioned (External DB unsupported).

The Cisco engineer asked me to upgrade the ACS. I had 3.2.1 and I upgraded to the latest, which is 3.2.3, and the same problem is there.

They promised to give an answer on this by Monday; let's wait and see.

If you figure something out, please let me know.

Usama Alian

dopenfield
Level 1

I've opened a ticket with Cisco. Still haven't gotten this working yet.

Did get a pointer to some software that helps see what is on the LDAP server: www.softerra.com

Found we were not getting a Bind completed with the server.

Now, after going through the configuration of the LDAP parameters, we attempt to do the group mapping on the ACS server but we get an error message saying the Server is Unreachable. Have verified that the server is reachable both from the client and from the ACS server box itself (ping, HTTP and LDAP).

Anyone have any thoughts on what might be keeping the ACS software from seeing the server?