VPN client authentication against Active Directory

pkoraca1987
Level 1

Hi,

I want to authenticate VPN clients against Active Directory on Windows Server 2008. If I got it right I can do LDAP authentication only via PAP (which sends plain text password). Is this a limitation of Cisco ASA or LDAP itself? Would you suggest to use RADIUS instead?

Thank you!

Petar Koraca


Marcin Latosiewicz
Cisco Employee

Petar,

ASA can talk to AD via LDAP over SSL, as far as security goes ;-)

RADIUS is neat for network usage, but typically in a big organization one would have one centralized user database, more often than not it's an AD ;-)

Benefit of RADIUS over AD is easy push of additional attributes.

Marcin
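The LDAP-over-SSL setup mentioned in the reply above, as an added example that is not part of the original thread or of the attached configuration. The server group name, tunnel group name, IP address, DNs and bind account are placeholders; only the commands themselves are standard ASA syntax.

```cisco
! Added example: ASA LDAP server group for Active Directory.
! AD-LDAP, VPN-USERS, 192.0.2.10 and all DNs are placeholders.
!
! Weak form: without "ldap-over-ssl enable" the ASA binds to the
! directory on TCP/389 and the service-account and user passwords
! cross the inside network unencrypted.
!
! aaa-server AD-LDAP protocol ldap
! aaa-server AD-LDAP (inside) host 192.0.2.10
!  ldap-base-dn DC=example,DC=com
!  ldap-login-dn CN=asa-bind,OU=Service Accounts,DC=example,DC=com
!  ldap-login-password <bind-password>
!  server-type microsoft
!
! Corrected form: same server group, bind wrapped in SSL on TCP/636.
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (inside) host 192.0.2.10
 server-port 636
 ldap-over-ssl enable
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,OU=Service Accounts,DC=example,DC=com
 ldap-login-password <bind-password>
 server-type microsoft
!
! Point the VPN tunnel group at the LDAP server group.
tunnel-group VPN-USERS general-attributes
 authentication-server-group AD-LDAP
!
! Verify the bind and a user lookup from the ASA CLI before testing
! with a VPN client:
! test aaa-server authentication AD-LDAP host 192.0.2.10 username <user> password <password>
```

The domain controller must present a server certificate on port 636 for the SSL bind to succeed, and the bind account needs only read access to the user objects under the base DN.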

Thanks!

However, I tried configuration with LDAP and I have the following errors (debug ldap 255):

[25] Session Start

[25] New request Session, context 0xcb542fa0, reqType = Authentication

[25] Fiber started

[25] Failed: The username or password is blank

[25] Fiber exit Tx=0 bytes Rx=0 bytes, status=-3

[25] Session End

Configuration is in attachment.

I'll try RADIUS tomorrow, but it would be nice to have both solutions.

Cheers,

Petar Koraca