[SOLVED] ASA, random AAA authentication problems.

dan.sellberg
Level 1

Hi there,

I have 2 ASA 5520 (v. 8.21) in a active/standby failover configuration.

VPN users are authenticated against the MS-AD through LDAP. For the most part this works well. Occasionally I'm having problems with new users in the AD. If I run a test I keep getting "User was not found". This can still happen days after the account was created. In some cases it never seems to work. The accounts I create exist on the same OU level as all the other accounts that are working.

Any hints or tips would be much appreciated.

//Dan

2 Replies

I would look at packet captures of the LDAP traffic between the ASA and the LDAP server, and compare working and non-working examples, to see if there are any differences on the queries sent by the ASA.

If all of the queries look the same, the problem would seem to be on the AD side.

Forgot to update on this.

It turns out it was a configuration error. Older AD accounts had the same account name and pre-Windows 2000 account name. The name standard changed and our AAA setup was looking at the wrong parameter, which caused problems with newer accounts.
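The root cause reported above (the AAA lookup keyed on the wrong logon-name attribute) and the comparison of working and non-working lookups suggested in the first reply can both be checked offline from an export of the AD user objects. The script below is an added example, not code from this thread or from Cisco. It assumes a CSV export containing the sAMAccountName attribute (the "pre-Windows 2000" logon name) and the userPrincipalName attribute (the "user logon name"), which are the two names the solution refers to, and it simulates the equality filter an ASA builds from the naming attribute configured under the aaa-server host (the `ldap-naming-attribute` setting). The sample export is constructed for the example.

```python
import csv
import io

# Constructed sample export of AD user objects (not data from the thread).
# The two older accounts were created under the old naming standard, so
# sAMAccountName and the UPN prefix are identical. The two newer accounts
# follow the changed standard, so the two logon names diverge.
SAMPLE_EXPORT = """\
sAMAccountName,userPrincipalName,whenCreated
jsmith,jsmith@example.test,2009-03-01
agarcia,agarcia@example.test,2010-07-15
jdoe,john.doe@example.test,2011-02-10
mlee,mei.lee@example.test,2011-02-11
"""


def load_accounts(text):
    """Parse the CSV export into a list of attribute dictionaries."""
    return list(csv.DictReader(io.StringIO(text)))


def upn_prefix(upn):
    """Return the part of a userPrincipalName before the '@'."""
    return upn.split("@", 1)[0]


def find_divergent_accounts(accounts):
    """Accounts whose pre-Windows 2000 logon name differs from the UPN prefix.

    Only these accounts are affected when the AAA server searches on one
    attribute while users type the other name, which is why older accounts
    keep working and only newer ones fail with "User was not found".
    """
    return [
        a for a in accounts
        if a["sAMAccountName"].lower() != upn_prefix(a["userPrincipalName"]).lower()
    ]


def simulate_lookup(accounts, naming_attribute, login_name):
    """Mimic the LDAP search filter (<naming_attribute>=<login_name>).

    Returns the matching entry, or None when the directory would answer
    with no result (the ASA then reports the user as not found).
    """
    for a in accounts:
        if a[naming_attribute].lower() == login_name.lower():
            return a
    return None


def report(text, naming_attribute, logins):
    """Summarise which logins succeed and which fail for a given attribute."""
    accounts = load_accounts(text)
    outcome = {}
    for login in logins:
        outcome[login] = simulate_lookup(accounts, naming_attribute, login) is not None
    return outcome


if __name__ == "__main__":
    accounts = load_accounts(SAMPLE_EXPORT)
    print("Accounts whose two logon names differ:")
    for a in find_divergent_accounts(accounts):
        print(f"  {a['sAMAccountName']:10s} vs {a['userPrincipalName']}  (created {a['whenCreated']})")

    # Users type their new-style name; the AAA server still searches sAMAccountName.
    typed = ["jsmith", "agarcia", "john.doe", "mei.lee"]
    print("\nLookup result with ldap-naming-attribute sAMAccountName:")
    for login, ok in report(SAMPLE_EXPORT, "sAMAccountName", typed).items():
        print(f"  {login:10s} {'found' if ok else 'User was not found'}")
```

Running the report for each candidate naming attribute against the names users actually type reproduces the symptom from the original post: every old-style account resolves, while the accounts created after the naming change fail only when the configured attribute is the one they no longer match. The divergent-account list is the thing to compare against the "User was not found" cases before touching the ASA configuration.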
