1337 Views, 0 Helpful, 4 Replies

configuring an alias

mickyq
Level 1

The goal is to use one URL and be prompted to select which domain to login to.

I create an alias in the connection profile.

Create a connection profile with authentication to a new LDAP server in server groups.

When testing the LDAP authentication on the ASDM I get "authentication rejected: unspecified".

CLI debug ldap 255 output:

[-2147483574] Session Start
[-2147483574] New request Session, context 0x00007ffe60a2d7c8, reqType = Authentication
[-2147483574] Fiber started
[-2147483574] Creating LDAP context with uri=ldap://192.168.44.200:389
[-2147483574] Connect to LDAP server: ldap://192.168.44.200:389, status = Successful
[-2147483574] supportedLDAPVersion: value = 3
[-2147483574] supportedLDAPVersion: value = 2
[-2147483574] Binding as vpnaccount
[-2147483574] Performing Simple authentication for vpnaccount to 192.168.44.200
[-2147483574] LDAP Search:
Base DN = [DC=NEWDom,DC=co,DC=uk]
Filter = [vpnaccount=720310]
Scope = [SUBTREE]
[-2147483574] Search result parsing returned failure status
[-2147483574] Fiber exit Tx=280 bytes Rx=844 bytes, status=-1
[-2147483574] Session End

I know you can't tell the problem from this info, but if anyone can point me to what to look at it would be appreciated.

Accepted Solution

Boris Uskov
Level 4

Hello, Michael!

I think, a strange line is:

Filter = [vpnaccount=720310]

I believe, there should be something like this:

Filter  = [sAMAccountName=vpnaccount]

I advise you to check the LDAP attribute map. Please see the following example:

https://supportforums.cisco.com/document/139241/remote-access-vpn-asa-authentication-using-ldap-server

Hope this helps.

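The line Boris singles out is the ASA's search filter: its left-hand side is whatever attribute the ASA has been told is the user naming attribute, and its right-hand side is the name the user typed. In the thread the bind account name ended up on the left instead of an attribute such as sAMAccountName. As an added example (not code from the thread, from Cisco, or from the linked document), the Python below pulls the relevant fields out of a `debug ldap 255` excerpt and flags exactly that kind of mismatch. The first sample is the debug text posted in the thread; the second "fixed" sample and its exit status value are constructed assumptions modelled on the same format.

```python
import re

# Excerpt of the `debug ldap 255` output exactly as posted in the thread.
THREAD_DEBUG = """\
[-2147483574] Creating LDAP context with uri=ldap://192.168.44.200:389
[-2147483574] Connect to LDAP server: ldap://192.168.44.200:389, status = Successful
[-2147483574] Binding as vpnaccount
[-2147483574] Performing Simple authentication for vpnaccount to 192.168.44.200
[-2147483574] LDAP Search:
Base DN = [DC=NEWDom,DC=co,DC=uk]
Filter = [vpnaccount=720310]
Scope = [SUBTREE]
[-2147483574] Search result parsing returned failure status
[-2147483574] Fiber exit Tx=280 bytes Rx=844 bytes, status=-1
"""

# Constructed sample of the same lookup after the naming attribute is corrected.
# Modelled on the format above; the Rx and status values are assumptions and are
# not taken from the thread.
FIXED_DEBUG = """\
[-2147483574] Binding as vpnaccount
[-2147483574] LDAP Search:
Base DN = [DC=NEWDom,DC=co,DC=uk]
Filter = [sAMAccountName=720310]
Scope = [SUBTREE]
[-2147483574] Fiber exit Tx=280 bytes Rx=1204 bytes, status=1
"""

# Attributes a directory search is normally keyed on when the ASA builds its
# "<naming-attribute>=<username>" filter (lower-cased for comparison).
KNOWN_NAMING_ATTRIBUTES = {"samaccountname", "userprincipalname", "cn", "uid"}


def _grab(pattern, text):
    """Return the first capture group of pattern in text, or None."""
    m = re.search(pattern, text)
    return m.group(1) if m else None


def parse_ldap_debug(text):
    """Extract the fields that matter when diagnosing an ASA LDAP auth failure."""
    flt = re.search(r"Filter = \[([^=\]]+)=([^\]]*)\]", text)
    status = _grab(r"Fiber exit .*status=(-?\d+)", text)
    return {
        "base_dn": _grab(r"Base DN = \[([^\]]*)\]", text),
        "filter_attr": flt.group(1) if flt else None,
        "filter_value": flt.group(2) if flt else None,
        "bind_account": _grab(r"Binding as (\S+)", text),
        "status": int(status) if status is not None else None,
        "parse_failure": "returned failure status" in text,
    }


def check_naming_attribute(parsed, username):
    """Return a list of findings; an empty list means the filter looks sane."""
    findings = []
    attr, value = parsed["filter_attr"], parsed["filter_value"]
    if attr is None:
        return ["no LDAP search filter found in the debug output"]
    if attr.lower() not in KNOWN_NAMING_ATTRIBUTES:
        findings.append(
            f"filter attribute '{attr}' is not a directory naming attribute; "
            "for Active Directory the naming attribute is normally sAMAccountName"
        )
    if parsed["bind_account"] and attr == parsed["bind_account"]:
        findings.append(
            f"the bind account '{attr}' is being used as the attribute name; "
            "it belongs in the login DN, not in the naming attribute"
        )
    if value != username:
        findings.append(
            f"filter value '{value}' does not match the user who logged in ('{username}')"
        )
    if parsed["parse_failure"] or (parsed["status"] is not None and parsed["status"] < 0):
        findings.append("search did not return a usable entry (failure status in debug output)")
    return findings


if __name__ == "__main__":
    for label, sample in (("thread", THREAD_DEBUG), ("fixed", FIXED_DEBUG)):
        result = check_naming_attribute(parse_ldap_debug(sample), "720310")
        print(f"{label}: {result or 'no findings'}")
```

Run against the thread's own excerpt it reports three findings (non-naming attribute, bind account used as attribute, failed search); against the corrected sample it reports none. The check only reads the debug text, so it can be kept beside the ASA config notes and re-run after any change to the server group.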

4 Replies

Hi Boris

I have created an account called vpnaccount in AD instead of the sAMAccountname for the binding. I assumed the samaccountname was just the name of the account. Does it do something more than a normal account name?

My account name is 720310.

Thanks

Hello, Michael.

"sAMAccountname" is the attribute of a record inside Active Directory. Please, check the following MS reference:

https://msdn.microsoft.com/en-us/library/windows/desktop/ms677605(v=vs.85).aspx

You should use this attribute in your configuration of LDAP server on Cisco ASA.

Please, check the "sAMAccountname" for the account "vpnaccount" in your Active Directory.

Also, if it is possible, you can post the whole ASA's configuration here, so we'll be able to take a brief look at it.

mickyq
Level 1

Hi Boris

I have removed the vpnaccount and replaced it with the sAMAccountname and it's working.

Many thanks.