Double authentication using LDAP and RSA

Matt Lang
Level 1

I would like to use LDAP and RSA (double authentication) for my SSL VPN clients.  I can successfully authenticate users if my login page forces the users to enter a second username.  If I have the configuration set so they only have to enter their username once, no authentication attempts are being passed to the authentication servers.  I am running debug on LDAP and RADIUS (for RSA) which is how I know that authentication is never being passed if they only have to enter their username once on the login page.

If I do not specify 'use-primary-username' at the end of the 'secondary-authentication-server-group' command, the users must enter their username twice and authentication is successful.

Does anyone know how to configure the ASA so they only have to enter their username one time while utilizing both LDAP (as primary) and RSA (RADIUS) (as secondary)?

Thanks in advance.

Matt

Accepted Solutions

Herbert Baerten
Cisco Employee

Hi Matt,

I just tried it on 8.3(2) and it works as expected. I suspect you're running into this bug:

CSCte66568    Double authentication broken in 8.2.2 when use-primary-username is conf.

If you're running 8.2, upgrade to 8.2(3) and you should be fine.

hth

Herbert

2 Replies

Herbert,

Thanks for the reply.  I was finally able to get this scheduled and upgrading to 8.2.3 resolved the issue.

Matt