Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
789
Views
0
Helpful
1
Replies

Identity Options in ASA

Yongtae Kim
Level 1
Level 1

‎01-25-2012 06:46 PM - edited ‎03-11-2019 03:19 PM

Hello,

I am testing "Identity Options" with IDFW Step by Step configuraiton.

I could finish installing and configuring AD agent and Identity options but I could not get an authenciation from a domain controller.

I can find my name in the domain controller but when I try to get an authentication from the DC, ASA says "Authentication Rejected: User was not found". When I configured the domain controller as AAA server with protocol "NT Domain" under Device Manangement > Users/AAA > AAA server Groups and ran "Test" button, I could get my account authenticated by the domain controller.

Could you guys please give me some tips how to break this problem?


Here is how I did a test.


Test_ASA# test aaa-server authentication AD1 username richard password cisco123
Server IP Address or name: 192.168.1.1
INFO: Attempting Authentication test to IP address <192.168.1.1> (timeout: 12 seconds)

[3622] Session Start
[3622] New request Session, context 0x76821678, reqType = Authentication
[3622] Fiber started
[3622] Creating LDAP context with uri=ldaps://192.168.1.1:636
[3622] Connect to LDAP server: ldaps://192.168.1.1:636, status = Successful
[3622] supportedLDAPVersion: value = 3
[3622] supportedLDAPVersion: value = 2
[3622] Binding as administrator
[3622] Performing Simple authentication for administrator to 192.168.1.1
[3622] LDAP Search:
        Base DN = [DC=sulu, DC=local]
        Filter  = [sAMAccountName=richard]
        Scope   = [ONE LEVEL]
[3622] User richard not found
[3622] Fiber exit Tx=250 bytes Rx=750 bytes, status=-1
[3622] Session End
ERROR: Authentication Rejected: User was not found

Labels:
0 Helpful
1 Reply 1

Kureli Sankar
Cisco Employee
Cisco Employee

‎01-29-2012 07:10 AM

Does this user richard exist under sulu? This ID is and admin ID?

Follow this link and configure every step as I mentioned and let us know if you run into any issues.

https://supportforums.cisco.com/docs/DOC-20366/

-Kurel

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card