LDAP over SSL authentication problem

mark.a.coleman
Level 1

On our ASA5510 in the area AAA Server Groups, there is an entry for LDAP and an object that refers to our 2003 Domain Controller. This DC has LDAP over SSL enabled and I can see the DN and Password for a domain user account.

I've created two new DCs, both R2 2008, but when I enable these in the same way it says it could not authenticate, ERROR auth server not responding, AAA group removed.

I thought this had something to do with CA being installed on a DC, but it's not running as a service on the DC that was already referred to.

Am I missing something here?

Thanks

2 Replies

Jatin Katyal
Cisco Employee

Could you please provide me the below listed information:

1.] Show run from the ASA

2.] LDAP server (2208 R2) > start > run > ldp.exe > enter the server ip or name and port 636.

3.] LDAP server (2208 R2) > start > run > cmd > Certutil -VerifyStore MY

4.] debug ldap 255, test the authentication again and paste the debug output.

Jatin Katyal

- Do rate helpful posts -

~Jatin

Jatin,

Is there anything specific I should be looking for in the running config?

In LDP, am I connecting to my 2003 DC, and if so, is there something I should be noticing?

When running the Certutil command, again, should I notice anything?

I see the debug command cannot be run from CLI and that's all I have access to.

Thanks