10-02-2017 08:50 AM - edited 03-12-2019 04:35 AM
Hi,
I have newly configured AnyConnect with LDAP authentication. While trying to log in on AnyConnect I get the error below. I have different profiles authenticating against different Domain Controllers; could this be the reason?
6 | Oct 02 2017 | 15:03:49 | 725007 | 86.98.10.198 | 65223 | SSL session with client outside:86.98.10.198/65223 terminated. |
6 | Oct 02 2017 | 15:03:49 | 113005 | AAA user authentication Rejected : reason = Unspecified : server = 10.47.20.21 : user = ***** : user IP = 86.98.10.198 |
10-02-2017 11:44 AM
If you have different profiles authenticating against different Domain Controllers, do any of the profiles succeed in authentication?
It would seem that the issue is related to the part of the message that says "Unspecified server". Can you verify that the address given of 10.47.20.21 is the correct address of your Domain Controller? Perhaps you can post the part of your head end config that sets up authentication?
HTH
Rick
10-04-2017 05:55 AM
Hi Richard,
It was an issue with the following line missing from the config: "ldap-scope subtree". After adding it, the authentication worked fine.
aaa-server Anyconnect protocol ldap
aaa-server Anyconnect (inside) host 10.47.20.21
ldap-base-dn DC=xx,DC=xx,DC=com
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *****
ldap-login-dn CNxxxxxAccounts,OU=xxxi,OU=xx,OU=xx,OU=Companies,DC=xx,DC=xx,DC=com
server-type microsoft
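
An added example, not part of the original post: a small Python check that flags LDAP `aaa-server` host entries in an ASA config that lack `ldap-scope subtree`. The ASA default scope is `onelevel`, which searches only one level below `ldap-base-dn`, so users in nested OUs are not found. The function name and the sample config (placeholder base DN) are constructed for illustration.

```python
import re

# Constructed sample modelled on the thread; the base DN is a placeholder.
BROKEN = """\
aaa-server Anyconnect protocol ldap
aaa-server Anyconnect (inside) host 10.47.20.21
 ldap-base-dn DC=example,DC=com
 ldap-naming-attribute sAMAccountName
 server-type microsoft
"""
FIXED = BROKEN.replace(" ldap-naming-attribute",
                       " ldap-scope subtree\n ldap-naming-attribute")


def ldap_scope_findings(config):
    """Return (group, host, base_dn, effective_scope) for every LDAP host
    entry whose effective search scope is not 'subtree'."""
    # Server groups declared with "protocol ldap"; other protocols are skipped.
    ldap_groups = set(
        re.findall(r"^aaa-server (\S+) protocol ldap\s*$", config, re.M))
    findings = []
    # Cut the config at each line starting with "aaa-server". ldap-scope only
    # exists in aaa-server host mode, so this works whether or not the pasted
    # config kept its leading-space indentation.
    for block in re.split(r"(?m)^(?=aaa-server )", config):
        head = re.match(r"aaa-server (\S+) \(\S+\) host (\S+)", block)
        if not head or head.group(1) not in ldap_groups:
            continue
        scope = re.search(r"(?m)^\s*ldap-scope (\S+)", block)
        base = re.search(r"(?m)^\s*ldap-base-dn (\S+)", block)
        effective = scope.group(1) if scope else "onelevel"  # ASA default
        if effective != "subtree":
            findings.append((head.group(1), head.group(2),
                             base.group(1) if base else None, effective))
    return findings


if __name__ == "__main__":
    for group, host, base_dn, scope in ldap_scope_findings(BROKEN):
        print(f"{group} host {host}: scope={scope}, base={base_dn}; "
              "users below the first level of the base DN will not be found")
    print("fixed config findings:", ldap_scope_findings(FIXED))
```
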
10-04-2017 12:27 PM
Thanks for posting back to the forum to tell us that you have solved the issue and that the solution was a missing line in the config. (+5 for this very helpful update). It is good to see examples in the forum where the original poster has found the solution to their own problem and shares it with the forum.
HTH
Rick