ACS & LDAP configuration
06-10-2004 07:44 AM - edited 03-10-2019 07:52 AM
I'm trying to configure our ACS 3.x server to use Generic LDAP. I'm getting this error in the failed attempts report: "External DB reports error condition".
Can anyone offer help on how to troubleshoot from that error message?
Is there a way to log what is being returned from the LDAP server? The server admin is new and I have some concerns about info I'm getting from him.
06-10-2004 09:25 AM
You might want to download a program called ntradping. It will enable you to do RADIUS queries from your PC to a RADIUS server, and it has a response window so you can see all the errors going on. Or you can set up a sniffer and sniff all the packets between the ACS and LDAP server.
06-11-2004 07:21 AM
Check your password on the ACS; that's under the LDAP setup.
06-11-2004 12:50 PM
I think there is a problem with the Cisco ACS.
I have the same problem and I am getting the same error you got. I opened a ticket with Cisco and they have been working on it for the past 5 days (most likely it's a bug).
I have the ACS working fine with AD2003 when I have VPN users (going to the PIX, then to the ACS and then to the AD).
The problem I have is when an 802.1x client (XP station) sends the EAP traffic to the 6513 and then the ACS, and it then gets forwarded to the AD2003; it will fail with the error you mentioned (External DB unsupported).
The Cisco engineer asked me to upgrade the ACS. I had 3.2.1 and I upgraded to the latest, which is 3.2.3, and the same problem is there.
They promised to give an answer on this by Monday, let's wait and see.
If you figure something out, please let me know.
Usama Alian
06-18-2004 11:29 AM
I've opened a ticket with Cisco. Still haven't gotten this working yet.
Did get a pointer to some software that helps see what is on the LDAP server. www.softerra.com
Found we were not getting a Bind completed with the server.
Now, after going through the configuration of the LDAP parameters, we attempt to do the group mapping on the ACS server but we get an error message saying the Server is Unreachable. Have verified that the server is reachable both from the client and from the ACS server box itself (ping, HTTP and LDAP).
Anyone have any thoughts on what might be keeping the ACS software from seeing the server?
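
Added example, not part of any post in this thread and not Cisco or Softerra code: when the ACS-to-LDAP traffic is sniffed as suggested above, the server's BindResponse carries a result code that says why a bind did not complete. This Python sketch decodes that code from the raw bytes of one response; it assumes unencrypted LDAP (no TLS), the function names are hypothetical, and the sample PDUs are constructed.

```python
"""Decode the resultCode of an LDAP BindResponse copied out of a packet capture."""

# Constructed sample PDUs (not taken from the thread): BindResponse, messageID 1.
SAMPLE_SUCCESS = bytes.fromhex("300c02010161070a010004000400")
SAMPLE_BAD_CREDS = bytes.fromhex("300c02010161070a013104000400")

# Subset of RFC 4511 result codes relevant to a bind that does not complete.
RESULT_CODES = {
    0: "success", 2: "protocolError", 7: "authMethodNotSupported",
    8: "strongerAuthRequired", 32: "noSuchObject", 34: "invalidDNSyntax",
    48: "inappropriateAuthentication", 49: "invalidCredentials",
    52: "unavailable", 53: "unwillingToPerform",
}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def decode_bind_response(pdu):
    """Return (message_id, result_code, result_name, diagnostic_message)."""
    tag, body, _ = read_tlv(pdu, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    tag, msg_id, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("messageID is not an INTEGER")
    tag, op, _ = read_tlv(body, pos)
    if tag != 0x61:  # [APPLICATION 1] constructed = BindResponse
        raise ValueError("protocolOp is not a BindResponse")
    tag, raw_code, pos = read_tlv(op, 0)
    if tag != 0x0A:
        raise ValueError("resultCode is not ENUMERATED")
    _, _matched_dn, pos = read_tlv(op, pos)
    _, diag, _ = read_tlv(op, pos)
    code = int.from_bytes(raw_code, "big")
    return (int.from_bytes(msg_id, "big"), code,
            RESULT_CODES.get(code, "other"), diag.decode("utf-8", "replace"))
```

A result of `invalidCredentials` points at the bind DN or password configured on the ACS side, while no BindResponse in the capture at all points at connectivity or the port being used.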
