Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1860
Views
15
Helpful
3
Replies

Anyconnect Authentication issue

abithbasha
Level 1
Level 1

‎10-02-2017 08:50 AM - edited ‎03-12-2019 04:35 AM

Hi,

 

I have newly configured Anyconnect with LDAP authentication, while trying to login on Anyconnect I get the below error. I have different profiles with authencating different Domain Controller is this could be the reason?

 

6Oct 02 201715:03:4972500786.98.10.19865223  SSL session with client outside:86.98.10.198/65223 terminated.
6Oct 02 201715:03:49113005    AAA user authentication Rejected : reason = Unspecified : server = 10.47.20.21 : user = ***** : user IP = 86.98.10.198

 

 

Labels:
0 Helpful
3 Replies 3

Richard Burts
Hall of Fame
Hall of Fame

‎10-02-2017 11:44 AM

If you have different profiles with authenticating different Domain Controllers, do any of the profiles succeed in authentication?

 

It would seem that the issue is related to the part of the message that says "Unspecified server". Can you verify that the address given of 10.47.20.21 is the correct address of your Domain Controller? Perhaps you can post the part of your head end config that sets up authentication?

 

HTH

 

Rick

HTH

Rick
0 Helpful

abithbasha
Level 1
Level 1
In response to Richard Burts

‎10-04-2017 05:55 AM

Hi Richard,

 

it was issue with the missing following line in the config "ldap-scope subtree", after adding this one the authentication worked fine

 

aa-server Anyconnect protocol ldap
aaa-server Anyconnect (inside) host 10.47.20.21
ldap-base-dn DC=xx,DC=xx,DC=com
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *****
ldap-login-dn CNxxxxxAccounts,OU=xxxi,OU=xx,OU=xx,OU=Companies,DC=xx,DC=xx,DC=com
server-type microsoft

Richard Burts
Hall of Fame
Hall of Fame
In response to abithbasha

‎10-04-2017 12:27 PM

Thanks for posting back to the forum to tell us that you have solved the issue and that the solution was a missing line in the config. (+5 for this very helpful update). It is good to see examples in the forum where the original poster has found the solution to their own problem and shares it with the forum.

 

HTH

 

Rick

HTH

Rick
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents