Beginner

Problem with authentication

I've an ASA 5505 that I'm configuring for clientless ssl-vpn. I can access the login page from a remote address as expected, but cannot log in. I captured the log entries from the monitoring feature & saw a message stating 'AAA authentication server not accessible'. I used the TraceRt feature to determine that I can access the server hosting Active Directory, so I reviewed the servers in the AAA Server Groups. The settings appear correct: the interface is in the same VLAN as the server & the same one used in the TraceRT test; I've enabled LDAP over SSL, port 636 & can telnet to the server on that port from other devices in the VLAN; the server type is Microsoft; all the other settings appear correct for connections. I'm baffled where to look for the resolution. Any suggestions are appreciated.

4 REPLIES 4
Cisco Employee

Problem with authentication

I think you should try to do some debugs:

debug aaa authentication

debug ldap (later debug ldap 255 if nothing there)

Beginner

Problem with authentication

Do you have some recommendations on how to do the debugging?

Highlighted
Cisco Employee

Problem with authentication

Not any special recommendations, but I think the best would be to do logging to buffer so:

conf t

logging buffer debug

logg enable

debug aaa authentication

debug ldap 255

But please remember that if this box is handling a lot of authentication requests it might affect the performance.

Beginner

Problem with authentication

That's what I did. Finally determined I had the wrong CN=x.
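
The fix reported in the last post was a wrong CN= value. As an added example that is not part of the original thread, this is one way to re-check the DN-valued settings of the LDAP server entry and confirm a bind from the ASA CLI while the debugs above are running; the group name LDAP_SRV, the address 192.0.2.10, the user testuser and all DN values are placeholders.

```text
! Added example, not from the thread. All names, addresses and DNs are placeholders.

! 1. Print the AAA server entries and compare every DN component (CN=, OU=, DC=)
!    against the object as it exists in Active Directory.
show running-config aaa-server
!    Lines to check in the output, shown here with placeholder values:
!      aaa-server LDAP_SRV protocol ldap
!      aaa-server LDAP_SRV (inside) host 192.0.2.10
!       server-port 636
!       ldap-over-ssl enable
!       server-type microsoft
!       ldap-base-dn DC=example,DC=com
!       ldap-naming-attribute sAMAccountName
!       ldap-login-dn CN=svc-asa,CN=Users,DC=example,DC=com

! 2. Trigger one authentication from the ASA itself, so the debug output
!    relates to a single known request rather than live user traffic.
test aaa-server authentication LDAP_SRV host 192.0.2.10 username testuser password <password>

! 3. Read what was logged for that attempt.
show logging

! 4. Turn the debugs off again once the cause is found, since they
!    cost CPU on a box that handles many authentication requests.
undebug all
```

A mistyped container in the bind DN, for example CN=Users where the account actually lives under an OU=, is rejected by the directory even though the port 636 connection itself succeeds, which is why a telnet test to the port can pass while authentication fails.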