05-02-2013 07:59 AM - edited 03-10-2019 08:23 PM
I am attempting to set up LDAP authentication for my ASA, along with the AD Agent. Currently my authentication is failing with the following output from debug...
[-2147483610] Session Start
[-2147483610] New request Session, context 0xcc854d8c, reqType = Authentication
[-2147483610] Fiber started
[-2147483610] Creating LDAP context with uri=ldap://10.11.1.15:389
[-2147483610] Connect to LDAP server:
, status = Successful
[-2147483610] supportedLDAPVersion: value = 3
[-2147483610] supportedLDAPVersion: value = 2
[-2147483610] Binding as Sargent\
[-2147483610] Performing Simple authentication for Sargent\ to 10.11.1.15
[-2147483610] LDAP Search:
Base DN = [DC=city,DC=charlottesville,DC=org]
Filter = [sAMAccount=sargentm]
Scope = [SUBTREE]
[-2147483610] Search result parsing returned failure status
[-2147483610] Fiber exit Tx=308 bytes Rx=677 bytes, status=-1
[-2147483610] Session End
ERROR: Authentication Rejected: Unspecified
I can however perform successful queries to AD etc. using the following commands.
show user-identity ad-users city.charlottesville.org filter sargentm
Ideas?
05-02-2013 08:19 AM
Could you please attach the output of show run aaa-server.
Also, it would be worth checking the server's Event Viewer logs for the reject reason.
Jatin Katyal
- Do rate helpful posts -
05-02-2013 08:54 AM
aaa-server CityDC protocol ldap
aaa-server CityDC (outside) host citydc01.city.charlottesville.org
server-port 389
ldap-base-dn DC=charlottesville,DC=org
ldap-group-base-dn DC=city,DC=charlottesville,DC=org
ldap-scope subtree
ldap-naming-attribute sAMAccount
ldap-login-password *****
ldap-login-dn CN=Administrator,CN=Users,DC=city,DC=charlottesville,DC=org
server-type microsoft
aaa-server CityDC (outside) host citydc1.city.charlottesville.org
server-port 389
ldap-base-dn DC=charlottesville,DC=org
ldap-group-base-dn DC=city,DC=charlottesville,DC=org
ldap-scope subtree
ldap-naming-attribute sAMAccount
ldap-login-password *****
ldap-login-dn CN=Administrator,CN=Users,DC=city,DC=charlottesville,DC=org
server-type microsoft
aaa-server CityAgent protocol radius
ad-agent-mode
aaa-server CityAgent (outside) host 10.11.1.203
key *****
05-02-2013 09:00 AM
Replace the below listed command inside the server parameters:
ldap-naming-attribute sAMAccount
With
ldap-naming-attribute sAMAccountName
Note: the sAMAccountName is incorrectly configured.
Jatin Katyal
- Do rate helpful posts -
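The fix above is a one-word change, but the same class of mistake (a naming attribute that is not a real AD attribute, so the ASA's search filter can never match) is easy to reintroduce. The following is an added example, not code from the thread or from Cisco: a small Python checker that parses `show run aaa-server` output into per-host entries and flags the bad `ldap-naming-attribute`. It also reports two things a reviewer would raise about the posted configuration as shown: no `ldap-over-ssl enable` on a port 389 host (simple binds send the login-dn password and user passwords in cleartext) and a domain Administrator account used as the bind DN. The set of accepted naming attributes and the finding codes are assumptions of this example; the sample config is constructed from the thread, abridged to one LDAP host with the password masked.

```python
import re

# AD attributes the ASA can sensibly use as the LDAP naming attribute (assumption: the
# commonly used ones; "sAMAccount" from the thread is not an AD attribute at all).
KNOWN_NAMING_ATTRIBUTES = {"sAMAccountName", "userPrincipalName", "cn", "uid", "mail"}

# Constructed sample in the shape of `show run aaa-server`, abridged from the thread
# (one LDAP host kept, password masked).
SAMPLE_CONFIG = """\
aaa-server CityDC protocol ldap
aaa-server CityDC (outside) host citydc01.city.charlottesville.org
 server-port 389
 ldap-base-dn DC=charlottesville,DC=org
 ldap-group-base-dn DC=city,DC=charlottesville,DC=org
 ldap-scope subtree
 ldap-naming-attribute sAMAccount
 ldap-login-password *****
 ldap-login-dn CN=Administrator,CN=Users,DC=city,DC=charlottesville,DC=org
 server-type microsoft
aaa-server CityAgent protocol radius
 ad-agent-mode
aaa-server CityAgent (outside) host 10.11.1.203
 key *****
"""

PROTOCOL_RE = re.compile(r"^aaa-server (\S+) protocol (\S+)$")
HOST_RE = re.compile(r"^aaa-server (\S+) \((\S+)\) host (\S+)$")


def parse_aaa_servers(text):
    """Split aaa-server config into one dict per host entry, with its host-level parameters."""
    protocols = {}   # server-group name -> protocol
    hosts = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROTOCOL_RE.match(line)
        if m:
            protocols[m.group(1)] = m.group(2)
            current = None          # group-level lines (e.g. ad-agent-mode) are not host params
            continue
        m = HOST_RE.match(line)
        if m:
            group, interface, host = m.groups()
            current = {"group": group, "interface": interface, "host": host,
                       "protocol": protocols.get(group), "params": {}}
            hosts.append(current)
            continue
        if current is not None:
            key, _, value = line.partition(" ")
            current["params"][key] = value
    return hosts


def audit_ldap_hosts(hosts):
    """Return (host, code, message) findings for every LDAP host entry."""
    findings = []
    for h in hosts:
        if h["protocol"] != "ldap":
            continue
        p = h["params"]
        attr = p.get("ldap-naming-attribute")
        if attr is not None and attr not in KNOWN_NAMING_ATTRIBUTES:
            findings.append((h["host"], "bad-naming-attribute",
                             f"'{attr}' is not an AD attribute; the ASA's search filter [{attr}=<user>] "
                             f"cannot match any object (use sAMAccountName)"))
        if p.get("ldap-over-ssl") != "enable":
            findings.append((h["host"], "cleartext-ldap",
                             f"ldap-over-ssl not enabled: the login-dn bind password and user "
                             f"credentials cross the network in cleartext on port {p.get('server-port', '389')}"))
        if p.get("ldap-login-dn", "").lower().startswith("cn=administrator,"):
            findings.append((h["host"], "privileged-bind-dn",
                             "login DN is the domain Administrator account; a dedicated read-only "
                             "bind account limits exposure if the ASA or the channel is compromised"))
    return findings


if __name__ == "__main__":
    for host, code, msg in audit_ldap_hosts(parse_aaa_servers(SAMPLE_CONFIG)):
        print(f"{host}: [{code}] {msg}")
```

Run it against a saved copy of `show run aaa-server`; on the thread's configuration it reports the `sAMAccount` typo on the LDAP host and the two hardening points, and after changing the attribute to `sAMAccountName` only the hardening points remain. The RADIUS (AD Agent) host is parsed but not audited, since the LDAP checks do not apply to it.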
05-02-2013 10:07 AM
Thanks...I figured it was something simple I was overlooking. That was the problem.
05-02-2013 10:51 AM
It's LDAP, so it's expected.
Jatin Katyal
- Do rate helpful posts -