04-28-2015 07:43 AM
Hello all.
We have configured clientless SSL WebVPN portal access on an ASA5525 using LDAP authentication with an AD server. Everything is fine until we enable LDAP over SSL to allow users to change an expired password. They just get a login error every time, even if their password is OK.
The systems team have installed the necessary certificate on the AD server.
In the ASDM log I get:
AAA Marking LDAP server joffrey.pcmtu.keele.ac.uk in aaa-server group CTU_LDAP04 as FAILED
AAA Marking LDAP server 172.16.0.10 in aaa-server group CTU_LDAP04 as ACTIVE
On the ASA, I get the following from debug ldap 255:
[50] Session Start
[50] New request Session, context 0x00007fffddc99a60, reqType = Authentication
[50] Fiber started
[50] Creating LDAP context with uri=ldaps://172.16.0.10:636
[50] Connect to LDAP server: ldaps://172.16.0.10:636, status = Failed
[50] Unable to read rootDSE. Can't contact LDAP server.
[50] Fiber exit Tx=0 bytes Rx=0 bytes, status=-2
[50] Session End
On the AD server, the systems team report TLS Fatal Alert Code 48, which is:
Received a valid certificate chain or partial chain, but the certificate was not accepted because the CA certificate could not be located or could not be matched with a known, trusted CA. This message is always fatal.
Can anyone shed some light on where we need to look?
Thanks. Richard.
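As an added triage example (not part of Richard's post or Cisco's tooling), the script below parses the debug ldap 255 session quoted above, groups lines by session id, and classifies a failed ldaps connect with Rx=0 bytes as a handshake that never completed, attaching the RFC 5246 name of the TLS alert the AD side reported. The sample text is the post's own debug output; the session id and address are whatever appeared there.

```python
import re

# Sample taken from the "debug ldap 255" output quoted in the post above.
SAMPLE_DEBUG = """\
[50] Session Start
[50] New request Session, context 0x00007fffddc99a60, reqType = Authentication
[50] Fiber started
[50] Creating LDAP context with uri=ldaps://172.16.0.10:636
[50] Connect to LDAP server: ldaps://172.16.0.10:636, status = Failed
[50] Unable to read rootDSE. Can't contact LDAP server.
[50] Fiber exit Tx=0 bytes Rx=0 bytes, status=-2
[50] Session End
"""

# TLS alert descriptions from RFC 5246 section 7.2.2; 48 is the one the AD team saw.
TLS_ALERTS = {40: "handshake_failure", 42: "bad_certificate", 45: "certificate_expired",
              46: "certificate_unknown", 48: "unknown_ca", 70: "protocol_version"}


def parse_sessions(debug_text):
    """Group debug lines by [id] and pull out the LDAP URI, connect status and byte counts."""
    sessions = {}
    for line in debug_text.splitlines():
        m = re.match(r"\[(\d+)\]\s+(.*)", line)
        if not m:
            continue
        sid, msg = int(m.group(1)), m.group(2)
        s = sessions.setdefault(sid, {"uri": None, "status": None, "tx": None, "rx": None})
        uri = re.search(r"uri=(\S+)", msg)
        if uri:
            s["uri"] = uri.group(1)
        status = re.search(r"status = (\w+)", msg)   # the connect line, not "status=-2"
        if status:
            s["status"] = status.group(1)
        counts = re.search(r"Tx=(\d+) bytes Rx=(\d+) bytes", msg)
        if counts:
            s["tx"], s["rx"] = int(counts.group(1)), int(counts.group(2))
    return sessions


def diagnose(session, server_alert=None):
    """Classify one session; server_alert is the TLS alert code seen on the AD server, if known."""
    if session["status"] != "Failed":
        return "ok"
    if session["uri"] and session["uri"].startswith("ldaps://") and session["rx"] == 0:
        hint = "ldaps handshake never completed: no LDAP bytes received"
        if server_alert in TLS_ALERTS:
            hint += f"; server sent TLS alert {server_alert} ({TLS_ALERTS[server_alert]})"
        return hint
    return "connect failed (network/ACL or server down)"
```

A Failed ldaps connect with zero bytes received plus a server-side unknown_ca alert means the TLS layer rejected the chain before any LDAP traffic; whether that is a trustpoint problem or a defect in the ASA image, as in this thread, is what to check next.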
04-28-2015 10:58 PM
Richard,
This could be due to:
https://tools.cisco.com/bugsearch/bug/CSCus71190/?reffering_site=dumpcr
M.
05-07-2015 08:24 AM
Moved to one of the versions that are known to work and the issue went away. Many thanks.
07-07-2015 05:28 AM
Hi!
How do I fix this bug if I use an old version of ASA? I have two identical 5510s running 8.4(4)1; one has this problem and the other one doesn't.
07-08-2015 02:15 AM
Reverting to 8.4.1 saved this situation.