Configure Active Directory Client authentication

network
Level 1

Hello,

I'm running the latest Cisco 3005 code, 4.1.7.

I've been attempting to configure Microsoft Active Directory authentication on a Cisco 3005 concentrator and appear to be stuck.

I have successfully configured an Active Directory/Kerberos server in Configuration/Servers/Authentication. I can then do a TEST authentication to a Windows domain controller and the user ID and password are successfully authenticated.

If I then try to configure a GROUP in User Management and select an Authentication server, enter the same information as above for authentication (domain controller IP, etc.), and try to test - the test fails with the error "Authentication Error: No active server found".

This puzzles me unless I'm missing something in the configuration (selected Kerberos authentication in group properties).

I have not been able to locate a good document on how to configure a group to be authenticated by Microsoft Active Directory (Kerberos), so any pointers are very much appreciated.

Any help would be appreciated,

Frank Pikelner

frank.pikelner@blue-dot.ca

3 Replies

network
Level 1

I've just resolved my own problem shortly after posting. I changed the group from External to Internet and authentication successfully worked.

One question remains though, if I was to configure the group as External, do I have to define the group in Active Directory?

Thank you,

Frank Pikelner

frank.pikelner@blue-dot.ca

Frank:

You would select External authentication only if you wanted to define your IKE/IPsec parameters and VPN3000 concentrator attributes using a RADIUS server.

In your case, you only needed to point your concentrator to Active Directory for user database information for user authentication, thus selecting Internal authentication was the right choice.

You probably noticed that when you selected External, all the tabs such as General, IPSec, etc. within Configuration | User Management | Groups | Modify "Groupname" were gone. The only tab left is the Identity tab. This is because you have to define the attributes in the RADIUS server in the case of "External" authentication.

Thanks,

Binh Hoang

mdnicholas
Level 1

Frank,

I am attempting to switch from using the internal VPN database to our Kerberos/Active Directory servers. Like you, I was unable to find anything on how to do this.

My problem is that I cannot even get the initial TEST authentication from the Configuration/Servers/Authentication to the AD server to work properly. Do you know what settings or groups must be applied on the AD server to allow this to work?

Any information would be greatly appreciated.

Thank you,

Mark Nicholas

mnicholas@cfsloans.com