
[SOLVED]ASA, random AAA authentication problems.

Hi there,

I have 2 ASA 5520 (v. 8.21) in an active/standby failover configuration.

VPN users are authenticated against the MS-AD through LDAP. For the most part this works well. Occasionally I'm having problems with new users in the AD. If I run a test I keep getting "User was not found". This can still happen days after the account was created. In some cases it never seems to work. The accounts I create exist on the same OU level as all the other accounts that are working.

Any hints or tips would be much appreciated.

//Dan

2 REPLIES

Re: ASA, random AAA authentication problems.

I would look at packet captures of the LDAP traffic between the ASA and the LDAP server, and compare working and non-working examples, to see if there are any differences on the queries sent by the ASA.

If all of the queries look the same, the problem would seem to be on the AD side.


ASA, random AAA authentication problems.

Forgot to update on this.

It turns out it was a configuration error. Older AD accounts had the same account name and pre-Windows 2000 account name. The name standard changed and our AAA setup was looking at the wrong parameter, which caused problems with newer accounts.
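
The failure mode described in the thread can be checked offline against a directory export. The following is an added example, not part of the original posts: the thread does not say which attributes were involved, so `cn` and `sAMAccountName` are assumptions, the directory entries are constructed, and the function names are hypothetical.

```python
# Added example: simulates the lookup (naming_attr=<typed login>) an LDAP AAA
# client performs, to show which accounts a given naming attribute would miss.
# Constructed sample export; the second account follows a newer naming standard.
SAMPLE_LDIF = """\
dn: CN=olduser,OU=Staff,DC=example,DC=com
cn: olduser
sAMAccountName: olduser

dn: CN=Anna Berg,OU=Staff,DC=example,DC=com
cn: Anna Berg
sAMAccountName: aberg
"""

def parse_ldif(text):
    """Parse a simple LDIF export (no base64 values, no folded lines)."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            key, value = line.split(": ", 1)
            entry[key.lower()] = value.strip()
        if entry:
            entries.append(entry)
    return entries

def lookup_results(entries, naming_attr, login_attr="sAMAccountName"):
    """Map each DN to the outcome of searching naming_attr for the typed login.

    login_attr is the attribute assumed to hold the name users type.
    """
    naming, login = naming_attr.lower(), login_attr.lower()
    results = {}
    for user in entries:
        typed = user.get(login)
        if typed is None:
            continue
        # AD compares these attributes case-insensitively.
        hits = [e["dn"] for e in entries if e.get(naming, "").lower() == typed.lower()]
        if not hits:
            results[user["dn"]] = "not found"
        elif hits == [user["dn"]]:
            results[user["dn"]] = "ok"
        else:
            results[user["dn"]] = "ambiguous or wrong entry"
    return results

if __name__ == "__main__":
    for attr in ("cn", "sAMAccountName"):
        print(attr, lookup_results(parse_ldif(SAMPLE_LDIF), attr))
```

Accounts reported as "not found" for the attribute the AAA server is configured to search are the ones that would fail the authentication test, while older accounts with identical values in both attributes keep working.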