06-15-2020 01:07 PM
I have my FMC authenticating through LDAP so we can use domain creds. This has worked for years until recently 1 user cannot authenticate. They regularly connect through the AnyConnect VPN and that authentication works; however, when attempting to connect to the FMC they get the following error: "Unable to authorize access. If you continue to have difficulties accessing this device contact the system administrator." On the FMC event log I see this: "username: login failed".
Has anyone else seen this? I may have to open a TAC case but would like any input before I hit that button.
06-17-2020 10:45 AM
Update: This issue was resolved by moving the user back into the AD OU. Apparently someone moved the user and the FMC looks for a specific OU when authenticating.
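The OU dependency described in this update can be audited ahead of time by comparing each account's distinguished name against the LDAP search base. The following is an added example, not part of the original thread and not Cisco code: the base DN and user DNs are constructed samples, and it assumes the FMC searches the whole subtree under its configured base DN.

```python
def split_dn(dn):
    """Split a DN into lower-cased (attr, value) RDNs, honouring backslash-escaped commas.
    Simplified: hex escapes and multi-valued RDNs are not normalized."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    rdns = []
    for part in parts:
        attr, _, value = part.strip().partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def in_search_base(user_dn, base_dn):
    """True if user_dn sits at or below base_dn (subtree scope assumed)."""
    user, base = split_dn(user_dn), split_dn(base_dn)
    return len(user) >= len(base) and user[-len(base):] == base


def out_of_scope(user_dns, base_dn):
    """Return the DNs an LDAP search rooted at base_dn would never find."""
    return [dn for dn in user_dns if not in_search_base(dn, base_dn)]


# Constructed sample data (hypothetical directory layout).
BASE_DN = "OU=Network Admins,DC=example,DC=com"
SAMPLE_USERS = [
    r"CN=Smith\, Jo,OU=Network Admins,DC=example,DC=com",       # escaped comma in CN
    "CN=Lee Pat,OU=Tier2,OU=Network Admins,DC=example,DC=com",   # nested OU, still in scope
    "cn=kim,ou=network admins,dc=EXAMPLE,dc=com",                # case differs only
    "CN=Moved User,OU=Staff,DC=example,DC=com",                  # moved to another OU
    r"CN=Trap,OU=Staff\,OU=Network Admins,DC=example,DC=com",    # fools a naive endswith()
]

if __name__ == "__main__":
    for dn in out_of_scope(SAMPLE_USERS, BASE_DN):
        print("outside search base:", dn)
```

Feeding it a directory export of the accounts that should have FMC access lists any that were moved outside the search base, which matches the symptom here of VPN login working while FMC login fails.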
06-15-2020 07:20 PM
They may have ambiguous credentials - i.e. something like their username and an alternate username share the same CN or such.
08-07-2023 05:08 AM
Hello again Marvin. We were experiencing a similar thing, same type of errors. All of a sudden, authentication into FMC via AD stopped working for everyone. Could not figure it out. Pulled another cert for AD from certlm on the Windows server and uploaded it to FMC, then authentication worked again (the original cert was not even due to expire for many years when looking at all certs for AD, etc. - did not delete that current cert, just FYI). Realized AnyConnect authentication would not work either. Uploaded another cert for that too, then could authenticate. Any ideas?
I am trying to figure out where and how to retrieve the original AD cert to take a look at it, searches via expert don't produce results (e.g. find -type "*.Security Certificate").
08-07-2023 09:44 AM
@CiscoBrownBelt I haven't come across that problem.
I suspect the certificate is stored somewhere in the FMC file system, but don't know where specifically. It could be in /etc/ssl/certs, but a quick check of one of mine reveals them all to have obfuscated names. Perhaps you could cross-reference by the file date.
08-08-2023 09:21 AM
Awesome, thanks!