
ASA CX integration with Active Directory

rodrigo.cisco
Level 4

Hi guys,

I have already configured a couple of ASA CX, but for one of my customers the integration with AD doesn't work. With LDAP instead of Active Directory it worked, but with LDAP I can't use passive authentication.

Can anyone send me a link with the Microsoft requirements for integration with CX? It appears to be some security feature on AD, because I tried to use the Administrator user and it didn't work either.

Any valuable help will be rated!


Regards,

Rodrigo


Sent from Cisco Technical Support iPad App

6 Replies

Tarik Admani
VIP Alumni

If you want to use passive authentication you will need the Context Directory Agent to provide that for you.

On the CX you will register to the "AD agent" as a client.

The LDAP piece will still be needed in order to implement group objects and policies from them, if that is a requirement.

If you need the CDA software, check the ASA download page. You should see a section for CDA software.


Sent from Cisco Technical Support Android App

Maybe I was not very specific, but I already configured CDA, and I want to use active authentication as a second option if passive authentication fails, as far as using an Identity object. But with LDAP it is not possible to do that, and the only option is to use simple active authentication; passive authentication in this case shows to me as a disabled feature.

Do you know what I can ask my customer to configure on AD? I didn't find it on the Cisco web site and I'm not a Microsoft expert. :-(

Tks

Rodrigo

Sent from Cisco Technical Support iPad App

I was able to get this to work. What issues are you having with the secondary method? When you create the realm, you need to add the LDAP directory in addition for the group lookup. Can you post a screenshot of what you have configured and some of the settings so I can get a better picture?

Also include your identity policy that specifies the backup method.

Tarik Admani
*Please rate helpful posts*

Tarik,

I have configured both the Realm and added directories to it. After that I should create an Identity Object, and for instance it should show me all users that start with "R" after I type "r" in the "User" field.

Below are two pics of my realm and directory; after clicking on "Test connection", both worked as I intended.

My customer followed the CDA doc and applied all patches and configurations, but it still doesn't work. Between the CX and AD there is no firewall, and Windows Firewall is disabled.

I have two ASA/CX and both have the same problem. Any help or advice?

Regards,

Rodrigo Alves

Just to help everybody who might run into this situation: I found the problem, and the problem was on my customer's AD.

If all this happens, make sure that the customer configured the AD as in the link below, even if the customer tells you he already did it:

http://www.cisco.com/en/US/docs/security/ibf/cda_10/Install_Config_guide/cda_install.html#wp1061521

Take a special look at the Windows registry...

This link tells you only about CDA configuration, but it is necessary for active authentication too.

Regards,

Rodrigo Alves

Thanks for following up Rodrigo, I also noticed that restarting the WMI services will also help after the permissions have been modified.

Thanks,

Tarik Admani
*Please rate helpful posts*
