Another LDAP Authentication Failure

noc-cville
Level 1

I am attempting to set up LDAP authentication for my ASA, along with the AD Agent. Currently my authentication is failing with the following output from debug...

[-2147483610] Session Start

[-2147483610] New request Session, context 0xcc854d8c, reqType = Authentication

[-2147483610] Fiber started

[-2147483610] Creating LDAP context with uri=ldap://10.11.1.15:389

[-2147483610] Connect to LDAP server: ldap://10.11.1.15:389, status = Successful

[-2147483610] supportedLDAPVersion: value = 3

[-2147483610] supportedLDAPVersion: value = 2

[-2147483610] Binding as Sargent\

[-2147483610] Performing Simple authentication for Sargent\ to 10.11.1.15

[-2147483610] LDAP Search:

        Base DN = [DC=city,DC=charlottesville,DC=org]

        Filter  = [sAMAccount=sargentm]

        Scope   = [SUBTREE]

[-2147483610] Search result parsing returned failure status

[-2147483610] Fiber exit Tx=308 bytes Rx=677 bytes, status=-1

[-2147483610] Session End

ERROR: Authentication Rejected: Unspecified

I can, however, perform successful queries to AD etc. using the following command.

show user-identity ad-users city.charlottesville.org filter sargentm

Ideas?


Jatin Katyal
Cisco Employee

Could you please attach the output of show run aaa-server.

Also, it would be worth looking at the server's Event Viewer logs for the reject reason.

Jatin Katyal


- Do rate helpful posts -

~Jatin

aaa-server CityDC protocol ldap

aaa-server CityDC (outside) host citydc01.city.charlottesville.org

server-port 389

ldap-base-dn DC=charlottesville,DC=org

ldap-group-base-dn DC=city,DC=charlottesville,DC=org

ldap-scope subtree

ldap-naming-attribute sAMAccount

ldap-login-password *****

ldap-login-dn CN=Administrator,CN=Users,DC=city,DC=charlottesville,DC=org

server-type microsoft

aaa-server CityDC (outside) host citydc1.city.charlottesville.org

server-port 389

ldap-base-dn DC=charlottesville,DC=org

ldap-group-base-dn DC=city,DC=charlottesville,DC=org

ldap-scope subtree

ldap-naming-attribute sAMAccount

ldap-login-password *****

ldap-login-dn CN=Administrator,CN=Users,DC=city,DC=charlottesville,DC=org

server-type microsoft

aaa-server CityAgent protocol radius

ad-agent-mode

aaa-server CityAgent (outside) host 10.11.1.203

key *****

Replace the below listed command inside the server parameters:

ldap-naming-attribute sAMAccount

With

ldap-naming-attribute sAMAccountName

Note: the sAMAccountName is incorrectly configured.

Jatin Katyal

- Do rate helpful posts -

~Jatin
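Added example (not from the thread or from Cisco): a small Python lint that parses the posted aaa-server block, builds the search filter the ASA derives from ldap-naming-attribute, and flags an attribute name AD does not expose, which is exactly why the debug shows a search that parses to failure. The cleartext-port-389 check is an assumed extra finding a reviewer would add, not something the thread discusses.

```python
import re
# Constructed sample: the CityDC host block from the thread's show run aaa-server.
ASA_AAA_CONFIG = """\
aaa-server CityDC protocol ldap
aaa-server CityDC (outside) host citydc01.city.charlottesville.org
 server-port 389
 ldap-base-dn DC=charlottesville,DC=org
 ldap-group-base-dn DC=city,DC=charlottesville,DC=org
 ldap-scope subtree
 ldap-naming-attribute sAMAccount
 ldap-login-password *****
 ldap-login-dn CN=Administrator,CN=Users,DC=city,DC=charlottesville,DC=org
 server-type microsoft
"""

# User attributes AD actually exposes (LDAP attribute names are case-insensitive).
KNOWN_AD_NAMING_ATTRS = {"samaccountname", "userprincipalname", "cn", "uid"}

def parse_aaa_servers(text):
    """Map each 'aaa-server NAME (ifc) host H' block to its parameter dict."""
    hosts, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"aaa-server \S+ \(\S+\) host (\S+)$", line)
        if m:
            current = hosts.setdefault(m.group(1), {})
        elif current is not None and line and not line.startswith("aaa-server"):
            key, _, value = line.partition(" ")
            current[key] = value
    return hosts

def search_filter(params, username):
    """The filter the ASA issues, cf. 'Filter = [sAMAccount=sargentm]' in the debug."""
    return "(%s=%s)" % (params.get("ldap-naming-attribute", "cn"), username)

def lint_host(host, params):
    """Findings that make every login fail before the user bind is even attempted."""
    findings = []
    attr = params.get("ldap-naming-attribute", "cn")
    if attr.lower() not in KNOWN_AD_NAMING_ATTRS:
        findings.append("%s: ldap-naming-attribute %r is not an AD attribute; search matches nothing" % (host, attr))
    # Assumed extra check: simple bind of the login DN over cleartext port 389.
    if params.get("server-port") == "389" and "ldap-over-ssl" not in params:
        findings.append("%s: login-dn credentials sent in cleartext; use ldap-over-ssl" % host)
    return findings

def lint_config(text, username="sargentm"):
    """Return {host: (search filter, findings)} for every LDAP host in the config."""
    return {h: (search_filter(p, username), lint_host(h, p))
            for h, p in parse_aaa_servers(text).items()}
```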

Thanks...I figured it was something simple I was overlooking. That was the problem.

It's LDAP, so it's expected.

Jatin Katyal


- Do rate helpful posts -

~Jatin