ASA 5512 LDAP Authentication to Windows Server 2012 RD Active Directory

jebowling
Level 1

We are in the middle of changing out the Active Directory servers and have a Cisco ASA 5512 and a Cisco 5520 that authenticate with LDAP to the PDC, BDC and BDC2. It works fine when connecting to the 2008 Active Directory servers. When we brought in the first 2012 R2 server, it fails when trying to connect.

office2#
office2# debug ldap 255
debug ldap enabled at level 255
office2# term mon
office2#
office2#
[60] Session Start
[60] New request Session, context 0x723a7f08, reqType = Authentication
[60] Fiber started
[60] Creating LDAP context with uri=ldaps://10.1.100.65:636
[60] Connect to LDAP server: ldaps://10.1.100.65:636, status = Failed
[60] Unable to read rootDSE. Can't contact LDAP server.
[60] Fiber exit Tx=0 bytes Rx=0 bytes, status=-2
[60] Session End

office2# ping 10.1.100.65
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.100.65, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10 ms
office2#

Any thoughts?  I can post a transaction of a successful connection to a 2008 Server.

3 Replies

jan.nielsen
Level 7

Since you are using LDAP over SSL, certificates are involved in the communication with your servers. You should make sure that the Windows server's certificate CN matches the name you enter in your AAA server settings; I also believe you need to install the CA cert from the issuer of your server's certificate.
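The debug output in the question stops at "Connect to LDAP server ... status = Failed" with zero bytes received, which is where an LDAPS handshake dies when the chain or the name does not check out. The following script is an added example (not from this thread, the ASA, or Microsoft) that does the two checks this reply describes from a workstation: it verifies the domain controller's certificate chain against the CA file you intend to import on the ASA, and it compares the certificate's SAN and CN entries against the exact string used in the aaa-server configuration. The host, port, CA file path and the sample certificate dictionary are placeholders constructed for the example; `check_ldaps` needs network access, while the name-matching helpers run offline.

```python
"""Pre-flight check for an ASA LDAPS (port 636) aaa-server entry.

Added example, not code from the forum thread. Server address, CA file and
the SAMPLE_CERT dictionary below are constructed placeholders.
"""
import socket
import ssl


def _dns_match(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name against the configured name.

    A leftmost wildcard (*.corp.example) covers exactly one label, so it
    matches dc1.corp.example but not corp.example or a.b.corp.example.
    """
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern == hostname:
        return True
    if pattern.startswith("*."):
        suffix = pattern[1:]  # ".corp.example"
        return hostname.endswith(suffix) and "." not in hostname[: -len(suffix)]
    return False


def cert_names(cert: dict) -> list:
    """Return every identity the certificate asserts, in the order a verifier
    considers them: SAN DNS names, SAN IP addresses, then the subject CN.

    `cert` is in the dictionary shape returned by ssl.SSLSocket.getpeercert().
    """
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind in ("DNS", "IP Address")]
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.append(value)
    return names


def name_matches(cert: dict, configured_name: str) -> bool:
    """True if the name typed into the aaa-server entry (hostname or IP literal)
    matches at least one identity in the certificate."""
    return any(_dns_match(n, configured_name) for n in cert_names(cert))


def check_ldaps(server: str, port: int, ca_file: str, configured_name: str) -> dict:
    """Open a TLS session to the LDAPS port, verifying the chain against
    ca_file (the CA cert you would import on the ASA), and report whether the
    presented certificate carries the configured name. Requires network access."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = False  # name comparison is done explicitly below
    try:
        with socket.create_connection((server, port), timeout=5) as raw:
            with ctx.wrap_socket(raw, server_hostname=server) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        # Chain does not lead to the supplied CA: the ASA would fail the same way.
        return {"chain_ok": False, "error": str(exc), "names": [], "matches": False}
    return {
        "chain_ok": True,
        "names": cert_names(cert),
        "matches": name_matches(cert, configured_name),
    }


# Constructed sample in getpeercert() shape: a DC certificate that carries
# DNS names only, as a default AD CS "Domain Controller" template issues.
SAMPLE_CERT = {
    "subject": ((("commonName", "dc3.corp.example"),),),
    "subjectAltName": (("DNS", "dc3.corp.example"), ("DNS", "corp.example")),
}


if __name__ == "__main__":
    # Offline demonstration of the failure mode: the ASA is pointed at an IP,
    # but the certificate only names the host by DNS name.
    print("names on cert:", cert_names(SAMPLE_CERT))
    print("matches '10.1.100.65':", name_matches(SAMPLE_CERT, "10.1.100.65"))
    print("matches 'dc3.corp.example':", name_matches(SAMPLE_CERT, "dc3.corp.example"))
    # Live check against a real DC (placeholders; uncomment to use):
    # print(check_ldaps("dc3.corp.example", 636, "/path/to/issuing-ca.pem", "dc3.corp.example"))
```

The offline run shows why an entry such as `aaa-server ... host 10.1.100.65` can fail against a server whose certificate names only its FQDN: either the certificate needs an IP Address SAN, or the ASA entry should use the FQDN that the certificate actually carries (with DNS resolution configured on the ASA). When `check_ldaps` reports `chain_ok: False`, the issuing CA has not been trusted, which is the second condition this reply mentions.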

Kias
Level 1

I also had a similar issue and tried the NT domain and LDAP protocol authentication methods, but with no success. Finally I installed the Windows Network Policy Server (NPS) using RADIUS on Windows 2012 and authentication worked.

Kias
Fonicom Limited
raiseaticket Malta

Can you give us an idea of how Windows Network Policy Server (NPS) using RADIUS was set up for use in this scenario?


Thanks