11-13-2012 08:01 AM
I've an ASA 5505 that I'm configuring for clientless ssl-vpn. I can access the login page from a remote address as expected, but not log in. I captured the log entries from the monitoring feature & saw a message stating 'AAA authentication server not accessible'. I used the TraceRt feature to determine that I can access the server hosting Active Directory, so I reviewed the servers in the AAA Server Groups. The settings appear correct: the interface is in the same VLAN as the server & the same one used in the TraceRT test; I've enabled LDAP over SSL, port 636 & can telnet to the server on that port from other devices in the VLAN; the server type is Microsoft; all the other settings appear correct for connections. I'm baffled where to look for the resolution. Any suggestions are appreciated.
11-13-2012 08:41 AM
I think you should try to do some debugs:
debug aaa authentication
debug ldap (later debug ldap 255 if nothing there)
11-13-2012 08:46 AM
Do you have some recommendations on how to do the debugging?
11-13-2012 11:59 PM
Not any special recommendations, but I think the best would be to do logging to buffer so:
conf t
logging buffered debugging
logging enable
debug aaa authentication
debug ldap 255
But please remember that if this box is handling a lot of authentication requests it might affect the performance.
11-14-2012 05:19 AM
That's what I did. Finally determined I had the wrong CN=x.