Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2762
Views
0
Helpful
4
Replies

Problem with authentication

Go to solution
ticketreturn
Level 1
Level 1

‎11-13-2012 08:01 AM

I've an ASA 5505 that I'm configuring for clientless ssl-vpn. I can access the login page from a remote address as expected, but not login. I captured the log entries from the monitoring feature & saw a message stating 'AAA authentication server not accessible'. I used the TraceRt feature to determine that I can access the server hosting Active Directory, so I reviewed the servers in the AAA Server Groups. The settings appear correct: the interface is in the same VLAN as the server & the same one used in the TraceRT test; I've enabled LDAP over SSL, port 636 & can telnet to the server on that port from other devices in the VLAN; the server type is Microsoft; all the other settings appear correct for connections. I'm baffled where to look for the resolution. Any suggestions are appreciated.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
pkupisie
Cisco Employee
Cisco Employee
In response to ticketreturn

‎11-13-2012 11:59 PM

Not any special recommendations, but I think the best would be to do logging to buffer so:

conf t

logging buffer debug

logg enable

debug aaa authentication

debug ldap 255

But please remember that if this box is handling a lot of authentications requests it might affect the performance.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
pkupisie
Cisco Employee
Cisco Employee

‎11-13-2012 08:41 AM

I think you should try to do some debugs:

debug aaa authentication

debug ldap (later debug ldap 255 if nothing there)

0 Helpful

Go to solution
ticketreturn
Level 1
Level 1
In response to pkupisie

‎11-13-2012 08:46 AM

Do you have some recommendations on how to do the debugging?

0 Helpful

Go to solution
pkupisie
Cisco Employee
Cisco Employee
In response to ticketreturn

‎11-13-2012 11:59 PM

Not any special recommendations, but I think the best would be to do logging to buffer so:

conf t

logging buffer debug

logg enable

debug aaa authentication

debug ldap 255

But please remember that if this box is handling a lot of authentications requests it might affect the performance.

0 Helpful

Go to solution
ticketreturn
Level 1
Level 1
In response to pkupisie

‎11-14-2012 05:19 AM

That's what I did. Finally determined I had the wrong CN=x.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents