Issue with LDAP and Radius authentication in ASA

LPAUCISCO
Level 1

I'm trying to use LDAP as the first method of authentication for SSL VPN, but the results of all tests are failures so far. Please find the details below:

ldap attribute-map LDAP_MAP
  map-name  memberOf IETF-Radius-Class
  map-value memberOf CN=Users,DC=ap,DC=firstcorp,DC=net AUNZ_USERS

aaa-server LDAP-GROUP protocol ldap
 max-failed-attempts 5
aaa-server LDAP-GROUP (INSIDE) host 10.10.2.100
 ldap-base-dn OU=LPAU,DC=ap,DC=firstcorp,DC=net
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn CN=svcsslvpnro,OU=Service Accounts,OU=Users,OU=LPAU,DC=ap,DC=firstcorp,DC=net
 server-type microsoft
 ldap-attribute-map LDAP_MAP
aaa-server RADIUS-GROUP protocol radius
 reactivation-mode depletion deadtime 2
aaa-server RADIUS-GROUP (INSIDE) host 10.10.2.20
 key *****

Test and Debug result:

test aaa-server authentication LDAP-GROUP username ganjk password *******
Server IP Address or name: 10.10.2.100
INFO: Attempting Authentication test to IP address <10.10.2.100> (timeout: 12 seconds)

[-2147483611] Session Start
[-2147483611] New request Session, context 0x00007fd471e9d880, reqType = Authentication
[-2147483611] Fiber started
[-2147483611] Creating LDAP context with uri=ldap://10.10.2.100:389
[-2147483611] Connect to LDAP server: ldap://10.10.2.100:389, status = Successful
[-2147483611] supportedLDAPVersion: value = 3
[-2147483611] supportedLDAPVersion: value = 2
[-2147483611] Binding as svcsslvpnro
[-2147483611] Performing Simple authentication for svcsslvpnro to 10.10.2.100
[-2147483611] LDAP Search:
        Base DN = [OU=LPAU,DC=ap,DC=firstcorp,DC=net]
        Filter  = [sAMAccountName=ganjk]
        Scope   = [ONE LEVEL]
[-2147483611] Search result parsing returned failure status
[-2147483611] Talking to Active Directory server 10.19.20.100
[-2147483611] Reading password policy for ganjk, dn:
[-2147483611] Binding as svcsslvpnro
[-2147483611] Performing Simple authentication for svcsslvpnro to 10.10.2.100
[-2147483611] Fiber exit Tx=603 bytes Rx=825 bytes, status=-1
[-2147483611] Session End
ERROR: Authentication Rejected: Unspecified
