Hi,
I have configured AAA with authentication configured to AD. It is working locally on test, but the AnyConnect clients' authentication is not forwarding to LDAP; instead it is going to the local database. The log says DfltGrpPolicy (system default) is rejecting the user authentication. Can anyone please help?
The config for LDAP is below:
**** LDAP attribute ****
ldap attribute-map ldap1
 map-name memberOf Group-Policy
 map-value memberOf "CN=svc_aaa,OU=Service Account,OU=Accounts,DC=bb,DC=co,DC=uk" RGWGP1
**** END ***
**** server group ****
aaa-server RGW-GRP1 protocol ldap
 reactivation-mode timed
 max-failed-attempts 5
 realm-id 1
aaa-server RGW-GRP1 (ANYCONN_INSIDE) host 10.11.5.5
 server-port 389
 ldap-base-dn OU=Accounts,DC=bb,DC=co,DC=uk
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn CN=svc_rgwadmin,OU=Service Account,OU=Accounts,DC=bb,DC=co,DC=uk
 server-type microsoft
 ldap-attribute-map ldap1
**** end ****
**** tunnel group****
tunnel-group RGWCorp1 type remote-access
tunnel-group RGWCorp1 general-attributes
 address-pool CorpRgwpool1
 authentication-server-group RGW-GRP1
 default-group-policy RGWGP1
tunnel-group RGWCorp1 webvpn-attributes
 authentication aaa certificate
 group-alias RGWCorp1 disable
 group-url https://www.vpn.demo.co.uk/Corp enable
tunnel-group-map default-group RGWCorp1
***END****