Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1249
Views
0
Helpful
2
Replies

LDAP Authentication to Novell NDS LDAP server?

mlachniet
Level 1
Level 1

‎05-23-2006 11:06 AM - edited ‎02-21-2020 10:15 AM

I am having a problem with LDAP authentication to a Novell NDS server. This is on an ASA 7.1(2) 5510 talking to Netware 6.5 with all current patches installed. All of the context stuff, as well as the SSL stuff is working just fine. We can clearly see a failed authentication attempt when we type in an incorrect password, so I'm sure the base DN's, search and bind credentials settings are all just fine.

The problem is that when we type in a *correct* password, it still fails from the ASA's perspective, though Novell seems to think everything is fine. The DSTRACE screen shows:

Sending operation result 0:"":"" to connection 0x121dd540

With LDAP debugging on the ASA, we see:

[32] Performing Simple authentication for user to XX.XX.XX.XX

[32] Authentication successful for user to XX.XX.XX.XX

[32] Retrieving user attributes from server XX.XX.XX.XX

callback_aaa_task: status = -3

[32] Fiber exit Tx=192 bytes Rx=26621 bytes, status=-3

[32] Session End

When running the "test" button on ASDM, we get back the cryptic message:

Authentication test to host XX.XX.XX.XX failed. The following error occured

ERROR: Authentication Error: No error.

Despite the above, it truly is broken. Anyone have a clue what might be going wrong? Or does anyone have a successful LDAP from ASA->NDS working? Do I perhaps need some attribute mappings or some other configuration option?

My open TAC case engineer wants a packet trace, but this is an SSL connection, and setting up a non-SSL LDAP server may be problematic.

Thanks all!

Mark Lachniet

Labels:
0 Helpful
2 Replies 2

Not applicable

‎05-29-2006 03:34 AM

I am not very familier with NDS, but from my understanding of AAA authentication, two things you need to check on the authentication server. One is if the client is configured correctly (with the IP address) and the second is the shared secret key.

0 Helpful

mlachniet
Level 1
Level 1
In response to

‎05-30-2006 05:08 AM

That would be for Radius. As it turns out, we got it working by:

A) Selecting the LDAP type of "Microsoft" (was previously set to auto-detect)

B) Fully patching the Netware server.

It seems that both were necessary.

0 Helpful
Customers Also Viewed These Support Documents