1763 Views | 0 Helpful | 2 Replies

Firepower Management Center LDAP/CAC configuration

Eric R. Jones
Level 4

We are attempting to configure our FMC front end to allow Common Access Card (CAC) access.

At one point we were able to run the test and pull names from the AD server.

We are using TLS with a cert.

The output from the test has failures:

"Failed to issue StartTLS instruction: Connect error - 11"

 

I'm seeing a line "Current TLS Require Cert: 4".

I've googled around but can't find out what this means.

 

I was using SSL when I read that it's deprecated and switched to TLS.

I've used "none" but still get a failure.

 

Has anyone configured the FMC to work with CAC login?

Has anyone configured the FTD to work with CAC for SSH access?

We had it configured on our ASA via the ASDM.

 

The Primary and Backup servers are using hostname FQDN and port 389

The LDAP-specific parameters are using DC=####, DC=####

No base filter

username <username>

password <password>

confirm password <password>

 

Advanced options

Encryption TLS

SSL certificate has been uploaded

Username templates that have been tried:

cn=%s,dc=srf,dc=local

and

%s@####.####

Timeout is 30 seconds

 

Attribute Mapping is "userPrincipleName"

This being the name pulled from the CAC.

 

I have seen recommendations to do a packet capture.

I tried using the internal packet capture but believe this to be useful for the FTDs only.

I figured I should be using Wireshark for this.

####################################################

I did try using the "Fetch Attrs" function under Attribute Mapping.

I got a popup "Could not connect or bind to server ~".

I'll be investigating this first but would like to confirm the other items I listed above.
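An added example, not part of the post and not Cisco's or the FMC's own tooling: a stand-alone StartTLS probe that separates the three places the FMC "test" can fail on port 389, namely the TCP connect, the LDAP StartTLS extended operation (OID 1.3.6.1.4.1.1466.20037), and the TLS handshake with certificate and hostname verification. The reason for splitting it this way is that the error string quoted above matches the OpenLDAP client library, where "Connect error" is LDAP_CONNECT_ERROR (-11), the value ldap_start_tls_s returns when the extended operation was accepted but the TLS handshake itself failed (usually certificate validation or a hostname mismatch against the uploaded cert), and where "TLS Require Cert" is OpenLDAP's LDAP_OPT_X_TLS_REQUIRE_CERT (0 never, 1 hard, 2 demand, 3 allow, 4 try). The probe uses only the Python standard library; the host name and CA file path in the usage block are placeholders, and the two LDAP responses in the module are constructed test data.

```python
"""Stand-alone LDAP StartTLS probe (added example, not FMC code).

Separates the three stages at which an LDAP-over-StartTLS test can fail:
  1. TCP connect to the LDAP port (389)
  2. the LDAP StartTLS extended operation (OID 1.3.6.1.4.1.1466.20037)
  3. the TLS handshake, including certificate and hostname verification
Only the standard library is used, so it runs from any admin workstation.
"""
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"


def _ber_len(n: int) -> bytes:
    """Encode a BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(value)) + value


def build_starttls_request(msg_id: int = 1) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }."""
    ext_req = _tlv(0x77, _tlv(0x80, STARTTLS_OID))      # 0x77 = APPLICATION 23
    return _tlv(0x30, _tlv(0x02, bytes([msg_id])) + ext_req)


def _read_tlv(buf: bytes, off: int = 0):
    """Decode one BER TLV at buf[off]; returns (tag, value, next_offset)."""
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    return tag, buf[off:off + length], off + length


def parse_extended_response(data: bytes):
    """Return (messageID, resultCode, diagnosticMessage) from an ExtendedResponse."""
    tag, msg, _ = _read_tlv(data)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, off = _read_tlv(msg)
    tag, op, _ = _read_tlv(msg, off)
    if tag != 0x78:                                     # 0x78 = APPLICATION 24
        raise ValueError("expected ExtendedResponse, got tag 0x%02x" % tag)
    _, rc, off = _read_tlv(op)                          # resultCode ENUMERATED
    _, _matched_dn, off = _read_tlv(op, off)            # matchedDN, unused here
    _, diag, _ = _read_tlv(op, off)                     # diagnosticMessage
    return int.from_bytes(mid, "big"), int.from_bytes(rc, "big"), diag.decode("utf-8", "replace")


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection")
        buf += chunk
    return buf


def _recv_message(sock: socket.socket) -> bytes:
    """Read exactly one BER-framed LDAPMessage (tag, length, value) from the socket."""
    head = _recv_exact(sock, 2)
    if head[1] < 0x80:
        length = head[1]
    else:
        more = _recv_exact(sock, head[1] & 0x7F)
        head += more
        length = int.from_bytes(more, "big")
    return head + _recv_exact(sock, length)


def probe_starttls(host, port=389, cafile=None, verify=True, timeout=10):
    """Report the failing stage as 'tcp', 'starttls' or 'tls', or 'ok' with peer details."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as e:
        return {"stage": "tcp", "error": str(e)}
    conn = sock
    try:
        sock.sendall(build_starttls_request(1))
        _, rc, diag = parse_extended_response(_recv_message(sock))
        if rc != 0:
            return {"stage": "starttls", "resultCode": rc, "error": diag}
        ctx = ssl.create_default_context(cafile=cafile)   # cafile=None -> system trust store
        if not verify:                                    # diagnostic only: like require-cert 'never'
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
        conn = ctx.wrap_socket(sock, server_hostname=host)  # handshake happens here
        return {"stage": "ok", "version": conn.version(), "peer": conn.getpeercert().get("subject")}
    except ssl.SSLError as e:                             # cert/hostname failures land here
        return {"stage": "tls", "error": str(e)}
    except (OSError, ValueError) as e:
        return {"stage": "starttls", "error": str(e)}
    finally:
        conn.close()


if __name__ == "__main__":
    # Placeholder host and CA file; use the FQDN and the cert uploaded to the FMC.
    print(probe_starttls("ldap.example.internal", 389, cafile="ad-ca.pem"))
    print(probe_starttls("ldap.example.internal", 389, verify=False))
```

Run it twice against the same FQDN the FMC is configured with: once with `verify=True` and the CA file that was uploaded, once with `verify=False`. If the second run reports `ok` and the first reports stage `tls`, the server accepts StartTLS and the problem is the certificate chain or a CN/SAN that does not match the configured hostname, which is the same situation the OpenLDAP client reports as "Connect error". A failure at stage `tcp` or `starttls` points at the path to the domain controller or at the directory not offering StartTLS on 389, which no certificate change will fix.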

 
