02-04-2016 12:04 PM
So I have a pair of ASA 5525s. I'm trying to get LDAP authentication working, mainly for the IT staff to log in using VPN and not have to supply local account credentials to log in to VPN, then eventually get the RSA soft token to work with it. First off, though, I just cannot get the ASA to successfully test my configuration. I've watched a dozen videos and read a half dozen Cisco documents and blogs on this subject, but it seems I'm missing something. Included are my config and debug; if anyone would care to help me troubleshoot this, I'd be eternally grateful. I guess the IP is internal, so it doesn't really matter if I block it out, but to keep the security audit team happy I'll not include it. Be assured it's the same IP everywhere there's a 10.x.x.x.
The GLSXXXX account is in the following AD path: gls.com/Service Accounts/IT/
The other thing I'm wondering about is that the glsxxx account is only a member of the Domain Users group, so if this account needs some level of admin, could that be causing the fail?
aaa-server LDAPSERVERS protocol ldap
aaa-server LDAPSERVERS (inside) host 10.x.x.x
ldap-base-dn dc=gls,dc=com
ldap-scope subtree
ldap-naming-attribute glsxxxx
ldap-login-password *****
ldap-login-dn cn=GLSXXXX,cn=IT,cn=Service Accounts,dc=gls,dc=local
server-type microsoft
debug ldap 255
test aaa-server authentication LDAPSERVERS host 10.x.x.x
[-2147483601] Session Start
[-2147483601] New request Session, context 0x00007fffd1e50550, reqType = Authentication
[-2147483601] Fiber started
[-2147483601] Creating LDAP context with uri=ldap://10.x.x.x:389
[-2147483601] Connect to LDAP server: ldap://10.x.x.x:389, status = Successful
[-2147483601] supportedLDAPVersion: value = 3
[-2147483601] supportedLDAPVersion: value = 2
[-2147483601] Binding as GLSLDAP
[-2147483601] Performing Simple authentication for GLSXXXX to 10.x.x.x
[-2147483601] Simple authentication for GLSXXXX returned code (49) Invalid credentials
[-2147483601] Failed to bind as administrator returned code (-1) Can't contact LDAP server
[-2147483601] Fiber exit Tx=217 bytes Rx=645 bytes, status=-2
[-2147483601] Session End
ERROR: Authentication Server not responding: AAA Server has been removed
Thanks,
Jim
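As an added example for this thread (not from the original post and not a Cisco tool), the script below lints an ASA aaa-server LDAP block offline and decodes the bind result from the debug output. It checks that the domain components of ldap-login-dn and ldap-base-dn agree, that ldap-naming-attribute is an attribute AD users actually carry, and whether the login DN's intermediate containers are written as cn= where AD custom containers are normally ou=; it also maps the LDAP result code, and the Microsoft extended "data" code when a tool such as ldapsearch prints it, to their documented meanings. The allow-list USER_NAMING_ATTRS and the ou=/cn= heuristic are assumptions of this example; the result codes come from RFC 4511 and Microsoft's AD bind error table. The config and ASA debug lines are copied from the post above with the poster's 10.x.x.x redaction kept; the ldapsearch error string is constructed for illustration.

```python
"""Offline sanity check for an ASA LDAP aaa-server block and its 'debug ldap'
output.  Added example for the thread above; not part of the original post
and not a Cisco tool.  USER_NAMING_ATTRS and the ou=/cn= heuristic are
assumptions; result codes are from RFC 4511 and Microsoft's AD bind table."""
import re

# Config and debug lines as they appear in the post; "10.x.x.x" is the
# poster's own redaction and is kept verbatim.
ASA_CONFIG = """\
aaa-server LDAPSERVERS protocol ldap
aaa-server LDAPSERVERS (inside) host 10.x.x.x
 ldap-base-dn dc=gls,dc=com
 ldap-scope subtree
 ldap-naming-attribute glsxxxx
 ldap-login-password *****
 ldap-login-dn cn=GLSXXXX,cn=IT,cn=Service Accounts,dc=gls,dc=local
 server-type microsoft
"""

ASA_DEBUG = """\
[-2147483601] Binding as GLSLDAP
[-2147483601] Performing Simple authentication for GLSXXXX to 10.x.x.x
[-2147483601] Simple authentication for GLSXXXX returned code (49) Invalid credentials
[-2147483601] Failed to bind as administrator returned code (-1) Can't contact LDAP server
"""

# Constructed ldapsearch output (not from the post) showing the Microsoft
# extended "data" hint that the ASA debug does not print.
LDAPSEARCH_ERR = ("ldap_bind: Invalid credentials (49)\n"
                  "\tadditional info: AcceptSecurityContext error, data 52e")

# Attributes an ASA is normally pointed at for AD user lookup (assumed allow-list).
USER_NAMING_ATTRS = {"samaccountname", "userprincipalname", "cn", "uid"}

# Bind-relevant resultCode values from RFC 4511.
LDAP_RESULT = {0: "success", 32: "noSuchObject", 34: "invalidDNSyntax",
               49: "invalidCredentials", 50: "insufficientAccessRights"}

# AD's extended data codes that accompany resultCode 49.
AD_BIND_DATA = {"525": "user not found", "52e": "invalid credentials",
                "530": "not permitted to log on at this time",
                "531": "not permitted to log on at this workstation",
                "532": "password expired", "533": "account disabled",
                "701": "account expired", "773": "must reset password",
                "775": "account locked out"}


def parse_aaa_server(text):
    """Return the indented ldap-*/server-type settings as a dict."""
    cfg = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0].startswith(("ldap-", "server-type")):
            cfg[parts[0]] = parts[1]
    return cfg


def parse_dn(dn):
    """Split a DN into (attribute, value) pairs; a backslash-escaped comma stays in the value."""
    return [tuple(p.strip() for p in rdn.split("=", 1))
            for rdn in re.split(r"(?<!\\),", dn) if "=" in rdn]


def domain_suffix(dn):
    """The dc= components of a DN, lower-cased, e.g. ('gls', 'com')."""
    return tuple(v.lower() for a, v in parse_dn(dn) if a.lower() == "dc")


def lint_config(cfg):
    """Return human-readable findings about the aaa-server settings."""
    findings = []
    base, login = cfg.get("ldap-base-dn", ""), cfg.get("ldap-login-dn", "")
    if domain_suffix(base) != domain_suffix(login):
        findings.append("domain mismatch: base-dn ends in %s but login-dn ends in %s"
                        % (",".join(domain_suffix(base)), ",".join(domain_suffix(login))))
    attr = cfg.get("ldap-naming-attribute", "")
    if attr.lower() not in USER_NAMING_ATTRS:
        findings.append("naming-attribute %r is not a user attribute; AD lookups "
                        "normally use sAMAccountName" % attr)
    # Heuristic: containers below the domain other than AD's built-in
    # cn=Users/cn=Computers/cn=Builtin are almost always organizational units.
    builtin = {"users", "computers", "builtin"}
    if any(a.lower() == "cn" and v.lower() not in builtin for a, v in parse_dn(login)[1:]):
        findings.append("login-dn uses cn= for containers; custom AD containers are usually ou=")
    return findings


def parse_bind_result(text):
    """Extract the first LDAP result code and any AD 'data' hint from debug/CLI output."""
    code = re.search(r"(?:returned code \(|credentials \()(\d+)\)", text)
    data = re.search(r"\bdata ([0-9a-f]{3})\b", text)
    result = {"code": int(code.group(1)) if code else None, "ad_data": None}
    result["meaning"] = LDAP_RESULT.get(result["code"], "unknown")
    if data:
        result["ad_data"] = data.group(1)
        result["meaning"] += " (%s)" % AD_BIND_DATA.get(data.group(1), "unknown AD data code")
    return result


if __name__ == "__main__":
    for finding in lint_config(parse_aaa_server(ASA_CONFIG)):
        print("config:", finding)
    print("bind  :", parse_bind_result(ASA_DEBUG))
    print("bind  :", parse_bind_result(LDAPSEARCH_ERR))
```

Run against the posted config it reports three findings (the dc=com versus dc=local suffix mismatch, the non-attribute naming attribute, and the cn= containers) and decodes the debug line as resultCode 49. A 49 on the "Simple authentication for ... " line is the directory rejecting the bind DN and password of the login account itself; that happens before any user search, so the bind DN, its password and its domain suffix are the first things to verify, and an ldapsearch from a host on the inside network with the same DN will additionally show the "data" code that the ASA debug omits.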