
ASA5512 v9.4.2 AD Integration for Firewall Policies

Bilal Ahmad
Level 1

Hi

I have a Cisco ASA 5512 running version 9.4.2 and I am integrating it with MS Active Directory. I have created the firewall for the AD agent and configured an aaa-server for LDAP as well. The ASA is communicating with the AD agent successfully, but once I test the ASA against the AD server it throws the error below:

[-2147483623] Session Start
[-2147483623] New request Session, context 0x00007fffe34a37e0, reqType = Authentication
[-2147483623] Fiber started
[-2147483623] Creating LDAP context with uri=ldap://172.X.X.6:389
[-2147483623] Connect to LDAP server: ldap://172.22.1.6:389, status = Successful
[-2147483623] supportedLDAPVersion: value = 3
[-2147483623] supportedLDAPVersion: value = 2
[-2147483623] Binding as uaefts
[-2147483623] Performing Simple authentication for uaefts  to 172.22.1.6
[-2147483623] Simple authentication for uaefts  returned code (49) Invalid credentials
[-2147483623] Failed to bind as administrator returned code (-1) Can't contact LDAP server
[-2147483623] Fiber exit Tx=208 bytes Rx=719 bytes, status=-2
[-2147483623] Session End
ERROR: Authentication Server not responding: AAA Server has been removed

The user which I have created in AD is a normal user with no admin privileges. Please advise: what should the privilege level of the user I created in AD be? Should it be a normal user, or should it have admin privileges?

Thanks

2 Replies

Terence Payet
Level 1

Hi,

Can you post the config relevant to LDAP and AAA?

Regards,

Terence

Hi Terence

Thanks for the reply. Below is the configuration:

aaa-server ABCLDAP protocol ldap
aaa-server ABCLDAP (Inside) host 172.X.X.6
 server-port 389
 ldap-base-dn dc=dc12, dc=abc,dc=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn cn=john ,cn=Users,dc=dc12,dc=abc,dc=com
 server-type microsoft
aaa-server ABC-AD protocol radius
 ad-agent-mode
aaa-server ABC-AD (Inside) host 172.X.X.34
 key *****
user-identity default-domain LOCAL
user-identity ad-agent aaa-server ABC-AD

Please advise if you need more information.

Thanks
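As an added example that is not part of the thread, the script below reads the ASA LDAP debug transcript and the aaa-server block posted above (both embedded as constructed copies, with the host address masked exactly as in the thread) and turns them into a diagnosis. It parses the "Connect to LDAP server" and "Simple authentication ... returned code (N)" lines, maps the LDAP result code to its RFC 4511 meaning, and separately flags DN strings in the config with whitespace around the comma separators so they can be reviewed. The result-code table and the "code 49 comes before any privilege check" reasoning are standard LDAP behaviour, not something the thread states; the function names are my own.

```python
import re

# Constructed sample: the debug transcript as posted in the thread above.
DEBUG_LOG = """\
[-2147483623] Session Start
[-2147483623] New request Session, context 0x00007fffe34a37e0, reqType = Authentication
[-2147483623] Fiber started
[-2147483623] Creating LDAP context with uri=ldap://172.X.X.6:389
[-2147483623] Connect to LDAP server: ldap://172.22.1.6:389, status = Successful
[-2147483623] supportedLDAPVersion: value = 3
[-2147483623] supportedLDAPVersion: value = 2
[-2147483623] Binding as uaefts
[-2147483623] Performing Simple authentication for uaefts  to 172.22.1.6
[-2147483623] Simple authentication for uaefts  returned code (49) Invalid credentials
[-2147483623] Failed to bind as administrator returned code (-1) Can't contact LDAP server
[-2147483623] Fiber exit Tx=208 bytes Rx=719 bytes, status=-2
[-2147483623] Session End
"""

# Constructed sample: the LDAP aaa-server block as posted (DN spacing left as-is).
ASA_CONFIG = """\
aaa-server ABCLDAP protocol ldap
aaa-server ABCLDAP (Inside) host 172.X.X.6
 server-port 389
 ldap-base-dn dc=dc12, dc=abc,dc=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn cn=john ,cn=Users,dc=dc12,dc=abc,dc=com
 server-type microsoft
"""

# LDAP result codes from RFC 4511 that commonly appear in ASA bind debugs.
LDAP_RESULT_CODES = {
    0: "success",
    32: "noSuchObject (base DN or login DN does not exist)",
    34: "invalidDNSyntax (malformed DN string)",
    49: "invalidCredentials (login DN / password pair rejected by the server)",
    50: "insufficientAccessRights (bound, but not allowed to read the requested data)",
}

CONNECT_RE = re.compile(r"Connect to LDAP server: (\S+), status = (\w+)")
BIND_RE = re.compile(r"Simple authentication for (\S+)\s+returned code \((-?\d+)\)")
DN_RE = re.compile(r"^\s*(ldap-login-dn|ldap-base-dn)\s+(.*)$")


def analyze_debug(text):
    """Extract connect status and the simple-bind result from ASA LDAP debug output."""
    session = {"connected": None, "bind_user": None, "bind_code": None, "meaning": None}
    for line in text.splitlines():
        m = CONNECT_RE.search(line)
        if m:
            session["connected"] = (m.group(2) == "Successful")
        m = BIND_RE.search(line)
        if m:
            session["bind_user"] = m.group(1)
            code = int(m.group(2))
            session["bind_code"] = code
            session["meaning"] = LDAP_RESULT_CODES.get(code, "unknown result code %d" % code)
    # The later "Failed to bind as administrator ... (-1) Can't contact LDAP server" line
    # is the ASA wrapping the failure; the root cause is the bind result code above.
    return session


def check_dn_whitespace(config):
    """Return (keyword, dn_as_written, normalised_dn) for DN values with spaces around commas.

    RFC 4514 treats an unescaped leading/trailing space inside an attribute value as
    part of the value, so 'cn=john ,' is the value 'john ' and deserves a second look.
    """
    findings = []
    for line in config.splitlines():
        m = DN_RE.match(line)
        if not m:
            continue
        keyword, dn = m.group(1), m.group(2).strip()
        normalised = ",".join(part.strip() for part in dn.split(","))
        if normalised != dn:
            findings.append((keyword, dn, normalised))
    return findings


def verdict(session, dn_findings):
    """One-line diagnosis built from the parsed session and any DN findings."""
    if session["connected"] is False:
        return "Connect failed: check reachability, port and the (Inside) interface."
    if session["bind_code"] == 49:
        msg = ("Simple bind as '%s' rejected (code 49 invalidCredentials): the login DN or "
               "password is wrong. Code 49 is returned before any privilege check, so "
               "giving the account admin rights will not change it." % session["bind_user"])
        if dn_findings:
            msg += " Review DN whitespace: " + "; ".join(
                "%s '%s' -> '%s'" % f for f in dn_findings)
        return msg
    if session["bind_code"] == 0:
        return "Bind succeeded."
    return "Unclassified bind result: %s" % session["meaning"]


if __name__ == "__main__":
    print(verdict(analyze_debug(DEBUG_LOG), check_dn_whitespace(ASA_CONFIG)))
```

Run it with no arguments and it prints the diagnosis for the posted session; point `DEBUG_LOG` and `ASA_CONFIG` at a real `debug ldap 255` capture and `show run aaa-server` output to reuse it on another unit.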
