Connection to LDAP fails while using PEAP MSCHAPv2 authentication on ACS 5.1.
The connection to LDAP fails when using PEAP MSCHAPv2 authentication on ACS 5.1 because LDAP does not support PEAP MSCHAPv2.
This problem can be resolved in one of the following ways:
1) Use Active Directory (AD) instead of LDAP, since AD supports PEAP MSCHAPv2. To perform AD integration, you need the following:
- An AD account with the role "Account Operator"
- The ACS clock and time zone configured the same as your AD servers
For more information on ACS integration with AD, refer to Joining ACS to an AD Domain. Some screenshots are mentioned below for quick reference.
STEP 1: On the ACS 5.x Web management interface, find the Users and Identity Stores section in the left panel and choose Active Directory.
Important Note: When you join ACS to the AD domain, ACS and AD must be time-synchronized. Time in ACS is set according to the Network Time Protocol (NTP) server. Both AD and ACS should be synchronized by the same NTP server. If time is not synchronized when you join ACS to the AD domain, ACS displays a clock skew error. Using the command line interface on your appliance, you must configure the NTP client to work with the same NTP server that the AD domain is synchronized with. For more information, refer to the Cisco guide for integration.
STEP 2: Add the required information.
Complete the Active Directory Domain Name field with the necessary value. Then add the username and password. This user needs to be a domain administrator and to have rights to add new machines to Active Directory. Use Test Connection to check that everything is correct, then save the configuration. After you save, the Connectivity Status changes to show the joined domain, and two additional tabs appear at the top of the page. You’re done!