FMC doesn't authenticate user

tcmckay
Level 1

I have my FMC authenticating through LDAP so we can use domain creds. This has worked for years, until recently 1 user cannot authenticate. They regularly connect through the AnyConnect VPN and that authentication works; however, when attempting to connect to the FMC they get the following error: "Unable to authorize access. If you continue to have difficulties accessing this device contact the system administrator." In the FMC event log I see this: "username: login failed".

 

Has anyone else seen this? I may have to open a TAC case but would like any input before I hit that button.

Accepted Solutions

Update: This issue was resolved by moving the user back into the AD OU. Apparently someone moved the user and the FMC looks for a specific OU when authenticating.

5 Replies

Marvin Rhoads
Hall of Fame

They may have ambiguous credentials - i.e. something like their username and an alternate username share the same CN or such.
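An added example (not part of the original thread, and not Cisco's code) that models the two causes raised here: an account moved outside the OU the appliance searches, and a username that matches more than one entry. The base DN, the `uid` login attribute and the directory entries are constructed assumptions.

```python
def split_dn(dn):
    """Split a DN into lower-cased RDNs, honouring backslash-escaped commas."""
    rdns, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur))
    return [r.strip().lower() for r in rdns if r.strip()]

def is_under(dn, base_dn):
    """True when dn sits strictly below base_dn (what a subtree search would return)."""
    d, b = split_dn(dn), split_dn(base_dn)
    return bool(b) and len(d) > len(b) and d[-len(b):] == b

def diagnose(entries, base_dn, username, attr="uid"):
    """Classify why a lookup scoped to base_dn would or would not bind one user."""
    matches = [e for e in entries if e.get(attr, "").lower() == username.lower()]
    in_scope = [e for e in matches if is_under(e["dn"], base_dn)]
    if not matches:
        return "no such account"
    if not in_scope:
        return "outside base DN"   # account exists but was moved out of the searched OU
    if len(in_scope) > 1:
        return "ambiguous"         # more than one entry answers to the same login name
    return "ok"

# Constructed sample data (assumptions, not values from the thread).
BASE_DN = "ou=FirewallAdmins, dc=example, dc=com"
ENTRIES = [
    {"dn": "CN=Alex Lee,OU=FirewallAdmins,DC=example,DC=com", "uid": "alee"},
    {"dn": "CN=Smith\\, Jo,OU=Staff,DC=example,DC=com", "uid": "jsmith"},
    {"dn": "CN=Pat Kim,OU=FirewallAdmins,DC=example,DC=com", "uid": "pkim"},
    {"dn": "CN=Pat Kim (admin),OU=Tier0,OU=FirewallAdmins,DC=example,DC=com", "uid": "pkim"},
]

if __name__ == "__main__":
    for user in ("alee", "jsmith", "pkim", "nobody"):
        print(user, "->", diagnose(ENTRIES, BASE_DN, user))
```
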

Hello again Marvin. We were experiencing a similar thing, same type of errors. All of a sudden, authentication into FMC via AD stopped working for everyone. Could not figure it out. Pulled another cert for AD from certlm on the Windows server and uploaded it to FMC, then authentication worked again (the original cert was not even due to expire for many years when looking at all certs for AD, etc. - did not delete that current cert, just FYI). Realized AnyConnect authentication would not work either. Uploaded another cert for that too, then could authenticate. Any ideas?

I am trying to figure out where and how to retrieve the original AD cert to take a look at it, searches via expert don't produce results (e.g. find -type "*.Security Certificate"). 

@CiscoPurpleBelt I haven't come across that problem.

I suspect the certificate is stored somewhere in the FMC file system, but don't know where specifically. It could be in /etc/ssl/certs, but a quick check of one of mine reveals them all to have obfuscated names. Perhaps you could cross-reference by the file date.

awesome thanks!
