
Cisco CDA- Cisco Directory Agent

mateen.padela
Level 1

Hello All,

I am trying to implement CDA and am hitting some roadblocks. I am following the link below.

http://www.cisco.com/c/en/us/td/docs/security/ibf/cda_10/Install_Config_guide/cda10/cda_install.html#pgfId-1063655
 
 
1. I covered all the sections in it, but still:

- When I add AD on my CDA, it doesn't get connected and turn green.

(- The firewall is already disabled.
- Hotfixes are already in place.
- Telnet to 636 on the AD server is also fine.)

2. Then for the ASA config I gave the below and tried to test the ASA-CDA connection. That also failed. (Note: reachability of ASA-CDA is working fine.)
 
aaa-server adserver protocol ldap
aaa-server adserver (inside) host x.x.x.x
server-port 636
ldap-group-base-dn CN=Administrator,OU=Users,DC=cisco.com
ldap-scope subtree
ldap-login-password *****
ldap-login-dn CN=Administrator,OU=Users,DC=cisco.com
ldap-over-ssl enable
server-type microsoft
group-search-timeout 300
 
aaa-server adagent protocol radius
ad-agent-mode
aaa-server adagent (inside) host x.x.x.x
key *****
user-identity ad-agent aaa-server adagent
test aaa-server ad-agent
 
user-identity default-domain SAMPLE
user-identity domain SAMPLE aaa-server ds
user-identity action domain-controller-down SAMPLE disable-user-identity-rule
user-identity ad-agent aaa-server adagent
user-identity enable
user-identity logout-probe netbios local-system probe-time minutes 10 retry-interval seconds 10 retry-count 2 user-not-needed
user-identity inactive-user-timer minutes 120
user-identity poll-import-user-group-timer hours 1
user-identity action netbios-response-fail remove-user-ip
user-identity user-not-found enable
user-identity action ad-agent-down disable-user-identity-rule
user-identity action mac-address-mismatch remove-user-ip
user-identity ad-agent active-user-database full-download
user-identity ad-agent hello-timer seconds 20 retry-times 3
 
Regards,
-Mateen
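
An added example, not part of the original post: a small Python cross-reference check over the ASA lines pasted above. It reports `user-identity ... aaa-server` references to a server group that has no `aaa-server <name> protocol` line in the pasted text, and LDAP DNs whose `DC=` component contains a dot (Active Directory writes one `DC=` per DNS label). The helper name `lint` and the sample string are constructed for this example, and a group may be defined in configuration the post did not include.

```python
import re

# Constructed sample: lines copied from the configuration in the post
# (addresses are masked there as well).
SAMPLE_CONFIG = """\
aaa-server adserver protocol ldap
aaa-server adserver (inside) host x.x.x.x
 ldap-group-base-dn CN=Administrator,OU=Users,DC=cisco.com
 ldap-login-dn CN=Administrator,OU=Users,DC=cisco.com
aaa-server adagent protocol radius
 ad-agent-mode
aaa-server adagent (inside) host x.x.x.x
user-identity ad-agent aaa-server adagent
user-identity domain SAMPLE aaa-server ds
"""

# "aaa-server <name> protocol <proto>" defines a server group.
DEFINE = re.compile(r"^aaa-server\s+(\S+)\s+protocol\s+\S+")
# "user-identity ... aaa-server <name>" refers to one.
REFERENCE = re.compile(r"^user-identity\s+.*?\baaa-server\s+(\S+)")
DN_LINE = re.compile(r"^(ldap-login-dn|ldap-group-base-dn)\s+(.+)$")


def lint(config):
    """Return a list of (line_number, message) findings (hypothetical helper)."""
    lines = [ln.strip() for ln in config.splitlines()]
    defined = {m.group(1) for ln in lines if (m := DEFINE.match(ln))}
    findings = []
    for n, line in enumerate(lines, 1):
        ref = REFERENCE.match(line)
        if ref and ref.group(1) not in defined:
            findings.append((n, f"server group '{ref.group(1)}' has no protocol line"))
        dn = DN_LINE.match(line)
        if dn:
            for rdn in dn.group(2).split(","):
                attr, _, value = rdn.partition("=")
                if attr.strip().upper() == "DC" and "." in value:
                    findings.append((n, f"{dn.group(1)}: DC component '{value.strip()}' contains a dot"))
    return findings


if __name__ == "__main__":
    for n, msg in lint(SAMPLE_CONFIG):
        print(f"line {n}: {msg}")
```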
