09-28-2015 01:31 PM - edited 03-10-2019 11:05 PM
Hi, I am trying to get the ASA to authenticate VPN users based on their AD accounts. I am using the following settings.
I have verified that it is getting to the LDAP server (DC). In Cisco ASDM, I see the following error:
I turned on debugging on the ASA itself and I see the following error.
[-2147483629] Simple authentication for ladp_search returned code (49) Invalid credentials
[-2147483629] Failed to bind as administrator returned code (-1) Can't contact LDAP server
[-2147483629] Fiber exit Tx=223 bytes Rx=721 bytes, status=-2
[-2147483629] Session End
I then used the ldp.exe tool on the DC to test the ldap_search account I was using, and I was able to connect/bind and access all the OUs using the same account/password. Looks like the problem only happens if I try to connect using the ASA.
Not sure what I am doing wrong or if I am missing any setting... any help would be appreciated.
Thanks.
09-29-2015 09:41 AM
Please try the username as ldap_search@home.local and see if that fixes the issue. Also make sure that user is a member of the Account Operators or Domain Admins group in AD.
Regards,
~JG
Do rate helpful posts
09-29-2015 10:24 AM
Thank you Jagdeep. I got it to work yesterday. The problem was with the login DN. I was using the username instead of the display name.
As for being part of the Account Operators group, I think that is only required if you want to do password management over VPN. The ldap_search account I created is just a regular user account without any special rights.
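The fix above comes down to how the ASA's bind identity (ldap-login-dn) is written: in AD the CN in a user's DN is the object's name (the "Full name" in AD Users and Computers, which the post calls the display name), not the sAMAccountName, while the UPN form suggested in the earlier reply (ldap_search@home.local) is also accepted by AD as a simple-bind name. The script below, an added example that is not from the original thread or from Cisco, builds both forms with RFC 4514 escaping (a display name such as "Search, LDAP" contains a comma that must be escaped inside a DN) and decodes the "returned code (N)" value from the posted debug output using the standard LDAPv3 result codes. The display name "LDAP Search" and the OU "Service Accounts" are hypothetical; only the domain home.local and the sAMAccountName ldap_search come from the thread.

```python
"""Build and sanity-check the bind identity an ASA uses for its LDAP AAA
server (ldap-login-dn), and decode the result code in 'debug ldap' output.
Added example, not from the original thread or from Cisco. Assumed values:
display name "LDAP Search" and OU "Service Accounts" are hypothetical."""
import re
from typing import Dict, List, Optional

# RFC 4514 section 2.4: characters that must be backslash-escaped wherever
# they appear in an attribute value. Leading '#' and leading/trailing space
# are escaped positionally below.
_ESCAPE_ANYWHERE = set('"+,;<>\\')

# LDAPv3 result codes (RFC 4511, appendix A) that show up on a failed bind.
LDAP_RESULT_CODES: Dict[int, str] = {
    0: "success",
    32: "noSuchObject (bind DN does not exist in the directory)",
    34: "invalidDNSyntax (bind DN is not a well-formed DN)",
    49: "invalidCredentials (bind DN or password rejected by the DC)",
    53: "unwillingToPerform (server refuses this kind of bind)",
}


def escape_rdn_value(value: str) -> str:
    """Escape one attribute value for use inside a DN, per RFC 4514."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in _ESCAPE_ANYWHERE:
            out.append("\\" + ch)
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")
        elif ch == "#" and i == 0:
            out.append("\\#")
        else:
            out.append(ch)
    return "".join(out)


def domain_to_dc(domain: str) -> str:
    """home.local -> DC=home,DC=local"""
    return ",".join(f"DC={escape_rdn_value(p)}" for p in domain.split("."))


def bind_dn(display_name: str, ou_path: List[str], domain: str) -> str:
    """Full DN for ldap-login-dn. The CN is the AD object's name (display
    name), not the sAMAccountName; using the login name here is the mistake
    described in the thread."""
    rdns = [f"CN={escape_rdn_value(display_name)}"]
    rdns += [f"OU={escape_rdn_value(ou)}" for ou in ou_path]
    return ",".join(rdns) + "," + domain_to_dc(domain)


def bind_upn(sam_account_name: str, domain: str) -> str:
    """userPrincipalName form (user@domain), accepted by AD as a simple-bind
    name; this is the alternative the reply suggests."""
    return f"{sam_account_name}@{domain}"


def decode_asa_bind_debug(lines: List[str]) -> Optional[str]:
    """Return the meaning of the first LDAP result code found in ASA
    'debug ldap' lines, or None. Negative values such as (-1) are local
    client errors, not LDAP result codes, so the regex skips them."""
    for line in lines:
        m = re.search(r"returned code \((\d+)\)", line)
        if m:
            code = int(m.group(1))
            return LDAP_RESULT_CODES.get(code, f"unlisted result code {code}")
    return None


if __name__ == "__main__":
    # Constructed sample: the two debug lines quoted in the original post.
    sample_debug = [
        "[-2147483629] Simple authentication for ldap_search returned code (49) Invalid credentials",
        "[-2147483629] Failed to bind as administrator returned code (-1) Can't contact LDAP server",
    ]
    print("ldap-login-dn:", bind_dn("LDAP Search", ["Service Accounts"], "home.local"))
    print("UPN alternative:", bind_upn("ldap_search", "home.local"))
    print("debug says:", decode_asa_bind_debug(sample_debug))
```

A useful check before touching the ASA is to paste the DN this produces into ldp.exe (or ldapsearch with -D) and bind with it; if that succeeds where the ASA fails, the remaining difference is the ldap-login-dn or ldap-login-password text on the ASA itself.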
10-03-2015 11:17 AM
Yes, that is correct.