03-31-2020 01:12 PM
Hardware: ASA5508, 8192 MB RAM, CPU Atom C2000 series 2000 MHz, 1 CPU (8 cores)
!
ASA Version 9.12(3)
Anyconnect version is 4.8
ldap config
ldap attribute-map AM-ANYCONNECT-USERS
map-name memberOf Group-Policy
map-value memberOf CN=VPN_Users,OU=People,DC=blahblah,DC=com GroupPolicy_ANYCONNECT-PROFILE
aaa-server LDAP-SERVER protocol ldap
aaa-server LDAP-SERVER (inside) host 192.168.0.8
ldap-base-dn DC=blahblah,DC=com
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *****
ldap-login-dn CN=ldap_vpnadmin,OU=People,DC=meicompany,DC=com
server-type microsoft
Error received when testing:
INFO: Attempting Authentication test to IP address (192.168.0.8) (timeout: 17 seconds)
ERROR: Authentication Server not responding: AAA Server has been removed
Any help would be greatly appreciated.
03-31-2020 08:14 PM
Hi
Your LDAP config looks ok.
Are you getting the error while doing a test aaa from asa or when connecting to VPN?
First ensure you can authenticate correctly by testing your LDAP through ASDM or CLI (test aaa command).
If this test is ok, while connecting to VPN, can you run a debug aaa and debug ldap 255 and share the output in a text file?
Also can you share your anyconnect configuration?
04-01-2020 06:55 AM
[-2147483601] New request Session, context 0x00007f16899b27c0, reqType = Authentication
[-2147483601] Fiber started
[-2147483601] Creating LDAP context with uri=ldap://192.168.0.8:389
[-2147483601] Connect to LDAP server: ldap://192.168.0.8:389, status = Successful
[-2147483601] supportedLDAPVersion: value = 3
[-2147483601] supportedLDAPVersion: value = 2
[-2147483601] Binding as ldap_vpnadmin
[-2147483601] Performing Simple authentication for ldap_vpnadmin to 192.188.0.8
[-2147483601] Simple authentication for ldap_vpnadmin returned code (49) Invalid credentials
[-2147483601] Failed to bind as administrator returned code (-1) Can't contact LDAP server
[-2147483601] Fiber exit Tx=221 bytes Rx=726 bytes, status=-2
[-2147483601] Session End
ERROR: Authentication Server not responding: AAA Server has been removed
ASA config
ldap attribute-map AM-ANYCONNECT-USERS
map-name memberOf Group-Policy
map-value memberOf CN=VPN_Users,OU=People,DC=blahblah,DC=com GroupPolicy_ANYCONNECT-PROFILE
aaa-server LDAP-SERVER protocol ldap
aaa-server LDAP-SERVER (inside) host 192.168.0.8
ldap-base-dn DC=meicompany,DC=com
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *****
ldap-login-dn CN=ldap_vpnadmin,OU=People,DC=blahblah,DC=com
server-type microsoft
04-01-2020 04:27 PM
Got it fixed, did an ldap query and found that the CN was off for it.
Final question, is it possible to have LDAP configured for a group, and also set up local users?
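As an added illustration (not code from the thread or from Cisco): a small Python triage helper that reads the debug ldap output posted above, maps the admin-bind result code 49 back to the real cause behind the misleading "AAA Server has been removed" message, and cross-checks that ldap-login-dn and ldap-base-dn name the same domain, which the posted config does not. The domain comparison is an assumed sanity heuristic; the thread's actual fix was a wrong CN in the login DN.

```python
import re

# Constructed sample: the admin-bind lines from the "debug ldap 255" output in the thread.
SAMPLE_DEBUG = """\
[-2147483601] Connect to LDAP server: ldap://192.168.0.8:389, status = Successful
[-2147483601] Binding as ldap_vpnadmin
[-2147483601] Simple authentication for ldap_vpnadmin returned code (49) Invalid credentials
[-2147483601] Failed to bind as administrator returned code (-1) Can't contact LDAP server
"""

# Constructed sample: the aaa-server block as posted (base DN and login DN name different domains).
SAMPLE_CONFIG = """\
aaa-server LDAP-SERVER (inside) host 192.168.0.8
 ldap-base-dn DC=meicompany,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=ldap_vpnadmin,OU=People,DC=blahblah,DC=com
 server-type microsoft
"""
BIND_RE = re.compile(r"Simple authentication for (\S+) returned code \((\d+)\)")

def bind_result(debug_text):
    """Return (account, LDAP result code) of the admin bind, or None if no bind line is present."""
    m = BIND_RE.search(debug_text)
    return (m.group(1), int(m.group(2))) if m else None

def domain_of(dn):
    """Return the DC components of a DN in lower case, e.g. 'dc=blahblah,dc=com'."""
    parts = [p.strip().lower() for p in dn.split(",")]
    return ",".join(p for p in parts if p.startswith("dc="))

def check_login_dn(config_text):
    """Sanity check (assumed heuristic): the login DN should live in the same domain as the base DN."""
    base = re.search(r"ldap-base-dn\s+(\S+)", config_text)
    login = re.search(r"ldap-login-dn\s+(\S+)", config_text)
    if not base or not login:
        return "missing ldap-base-dn or ldap-login-dn"
    if domain_of(base.group(1)) != domain_of(login.group(1)):
        return "login DN domain %s differs from base DN domain %s" % (domain_of(login.group(1)), domain_of(base.group(1)))
    return "ok"

def triage(debug_text, config_text):
    """Map the misleading 'AAA Server has been removed' message back to its cause."""
    r = bind_result(debug_text)
    if r is None:
        return "no admin bind attempt found in debug output"
    if r[1] == 49:  # LDAP resultCode 49 = invalidCredentials: wrong ldap-login-dn or password
        return "bind as %s rejected: verify ldap-login-dn and ldap-login-password (%s)" % (r[0], check_login_dn(config_text))
    return "bind as %s returned code %d" % r
```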
04-01-2020 06:22 PM