We are attempting to configure our FMC front end to allow Common Access Card (CAC) access.
At one point we were able to run the test and pull names from the AD server.
We are using TLS with a cert.
The output from the test has failures:
"Failed to issue StartTLS instruction: Connect error - 11"
I'm seeing a line "Current TLS Require Cert: 4".
I've googled around but can't find out what this means.
I was using SSL when I read that it's deprecated and switched to TLS.
I've used "none" but still failure.
Has anyone configured the FMC to work with CAC login?
Has anyone configured the FTD to work with CAC for SSH access?
We had it configured on our ASA via the ASDM.
The Primary and Backup servers are using the hostname FQDN and port 389.
The LDAP-specific parameters are using DC=####, DC=####.
No base filter
username <username>
password <password>
confirm password <password>
Advanced options
Encryption TLS
SSL certificate has been uploaded
Username templates that have been tried:
cn=%s,dc=srf,dc=local
and
%s@####.####
Timeout is 30 seconds
Attribute Mapping is "userPrincipleName", this being the name pulled from the CAC.
I have seen recommendations to do a packet capture.
I tried using the internal packet capture but believe this to be useful for the FTDs only.
I figured I should be using Wireshark for this.
####################################################
I did try using the "Fetch Attrs" function under Attribute Mapping.
I got a popup "Could not connect or bind to server ~".
I'll be investigating this first but would like to confirm the other items I listed above.
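Added example, not part of the original post and not Cisco's or FMC's own code: a standard-library Python probe that performs the two halves of an LDAP StartTLS connection separately, so you can see whether a "Failed to issue StartTLS instruction" style failure happens at TCP connect, when the server answers the StartTLS extended operation, or during the TLS handshake (certificate chain or hostname check). It also maps the numeric "TLS Require Cert" value to OpenLDAP's TLS_REQCERT level names from ldap.h; that FMC's test output uses the same scale is an assumption, as are the placeholder host and CA-bundle path. Run it from a host that can reach port 389 on the domain controller; the sample response bytes at the bottom are constructed for offline testing.

```python
"""Minimal LDAP StartTLS probe (standard library only).

Sends the LDAPv3 StartTLS extended operation (OID 1.3.6.1.4.1.1466.20037)
over plain TCP on port 389, checks the resultCode, and only then wraps the
socket in an ssl.SSLContext that validates the server certificate. Keeping
the steps apart tells you which stage an LDAP-over-StartTLS setup fails at.
"""
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"

# OpenLDAP TLS_REQCERT levels, as the LDAP_OPT_X_TLS_* constants in ldap.h.
# Assumption: FMC's "Current TLS Require Cert: <n>" reports the same scale.
TLS_REQCERT_LEVELS = {0: "never", 1: "hard", 2: "demand", 3: "allow", 4: "try"}


def describe_reqcert(level: int) -> str:
    """Return the TLS_REQCERT name for a numeric level ('unknown' otherwise)."""
    return TLS_REQCERT_LEVELS.get(level, "unknown")


def ber_len(n: int) -> bytes:
    """BER definite-form length (short form below 128, long form above)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(value)) + value


def build_starttls_request(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID INTEGER, ExtendedRequest { requestName } }."""
    # Positive INTEGER with a clear sign bit, so 128 becomes 00 80.
    msg_id = ber_tlv(0x02, message_id.to_bytes((message_id.bit_length() + 8) // 8, "big"))
    # ExtendedRequest = [APPLICATION 23] constructed (0x77);
    # requestName = context-specific [0] primitive (0x80).
    ext_req = ber_tlv(0x77, ber_tlv(0x80, STARTTLS_OID))
    return ber_tlv(0x30, msg_id + ext_req)  # outer SEQUENCE


def parse_ber(data: bytes, pos: int = 0):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, first = data[pos], data[pos + 1]
    if first < 0x80:
        length, pos = first, pos + 2
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(data[pos + 2:pos + 2 + nbytes], "big")
        pos += 2 + nbytes
    return tag, data[pos:pos + length], pos + length


def parse_extended_response(msg: bytes) -> dict:
    """Extract messageID, resultCode, matchedDN, diagnosticMessage."""
    tag, body, _ = parse_ber(msg)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, msg_id_raw, pos = parse_ber(body)
    tag, resp, _ = parse_ber(body, pos)
    if tag != 0x78:  # [APPLICATION 24] ExtendedResponse
        raise ValueError("not an ExtendedResponse (tag 0x%02x)" % tag)
    _, code_raw, pos = parse_ber(resp)        # ENUMERATED resultCode
    _, matched, pos = parse_ber(resp, pos)    # LDAPDN matchedDN
    _, diag, _ = parse_ber(resp, pos)         # LDAPString diagnosticMessage
    return {
        "message_id": int.from_bytes(msg_id_raw, "big"),
        "result_code": int.from_bytes(code_raw, "big"),
        "matched_dn": matched.decode("utf-8", "replace"),
        "diagnostic": diag.decode("utf-8", "replace"),
    }


def recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection mid-message")
        buf += chunk
    return buf


def recv_ldap_message(sock: socket.socket) -> bytes:
    """Read exactly one BER-framed LDAPMessage from the socket."""
    head = recv_exact(sock, 2)
    if head[1] < 0x80:
        need = head[1]
    else:
        len_bytes = recv_exact(sock, head[1] & 0x7F)
        head, need = head + len_bytes, int.from_bytes(len_bytes, "big")
    return head + recv_exact(sock, need)


def probe_starttls(host: str, port: int = 389, ca_file: str = "/path/to/ca-bundle.pem",
                   timeout: float = 10.0) -> dict:
    """Report the stage at which a StartTLS connection to host:port fails or succeeds."""
    ctx = ssl.create_default_context(cafile=ca_file)  # CERT_REQUIRED + hostname check
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return {"stage": "tcp-connect-failed", "error": str(exc)}
    with raw:
        raw.sendall(build_starttls_request(1))
        resp = parse_extended_response(recv_ldap_message(raw))
        if resp["result_code"] != 0:
            return {"stage": "starttls-refused", **resp}
        try:
            tls = ctx.wrap_socket(raw, server_hostname=host)
        except ssl.SSLCertVerificationError as exc:
            return {"stage": "cert-verify-failed", "error": exc.verify_message}
        except ssl.SSLError as exc:
            return {"stage": "tls-handshake-failed", "error": str(exc)}
        cert = tls.getpeercert()
        return {"stage": "tls-ok", "protocol": tls.version(),
                "subject": dict(rdn[0] for rdn in cert["subject"])}


# Constructed sample responses (not captured from any real server).
SAMPLE_SUCCESS = b"\x30\x0c\x02\x01\x01\x78\x07\x0a\x01\x00\x04\x00\x04\x00"
SAMPLE_REFUSED = b"\x30\x11\x02\x01\x01\x78\x0c\x0a\x01\x34\x04\x00\x04\x05nope!"

if __name__ == "__main__":
    import sys
    print(probe_starttls(sys.argv[1]))  # e.g. python3 probe.py dc01.example.test
```

A "tcp-connect-failed" result points at reachability or the wrong port, "starttls-refused" means the server answered but would not upgrade, and "cert-verify-failed" means the TLS handshake itself failed on the chain or name in the certificate, which is the case an SSL/TLS require-cert setting of "demand" (2) would also reject.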