Identity firewall NetBIOS Probe problem

Daniel Leonard · ‎11-13-2012

Hi,

I've setup an Identity Firewall on a ASA5510 version 8.4.5 (inside interface). ADAgent is installed and configured on an Windows 2003 server and connected to the DC (Windows 2008 server). Everything works fine except the NetBIOS Probe function.

The NetBIOS probe function is active and configured as below.

user-identity domain TEST aaa-server LDAP_Identity

user-identity default-domain TEST

no user-identity action mac-address-mismatch remove-user-ip

user-identity inactive-user-timer minutes 120

user-identity logout-probe netbios local-system

user-identity poll-import-user-group-timer hours 1

user-identity ad-agent aaa-server adagent

user-identity user-not-found enable

The problem is following message...

"746013 user-identity: Delete IP-User mapping 192.168.3.61 - TEST\Peter Succeeded - Netbios probing failed"

I've never seen an NetBIOS probe successful message

Can anyone help me with this issue?

Thanks

Please rate or mark answered for helpful posts.

Tarik Admani · ‎11-13-2012

Hi,

Could you please run some of these debug commands:

debug user-identity user

debug user-identity user-group

debug user-identity ad-agent

debug-user-identity ldap

debug user-identity logout-probe

debug user-identity acl

debug user-identity tmatch

debug user-identity fqdn

debug user-identity process

debug user-identity debug

debug user-identity error

debug ldap 255

Also here is a guide that may provide some direction -

https://supportforums.cisco.com/docs/DOC-20366

Tarik Admani
*Please rate helpful posts*

Daniel Leonard · ‎11-13-2012

Thanks,

That's the guide I've used to set up the configuration. I will go on with debugging...

Sent from Cisco Technical Support iPhone App

Please rate or mark answered for helpful posts.