Beginner

Problem with authentication

I've an ASA 5505 that I'm configuring for clientless ssl-vpn. I can access the login page from a remote address as expected, but not log in. I captured the log entries from the monitoring feature & saw a message stating 'AAA authentication server not accessible'. I used the TraceRt feature to determine that I can access the server hosting Active Directory, so I reviewed the servers in the AAA Server Groups. The settings appear correct: the interface is in the same VLAN as the server & the same one used in the TraceRT test; I've enabled LDAP over SSL, port 636 & can telnet to the server on that port from other devices in the VLAN; the server type is Microsoft; all the other settings appear correct for connections. I'm baffled where to look for the resolution. Any suggestions are appreciated.

Cisco Employee

I think you should try to do some debugs:

debug aaa authentication

debug ldap (later debug ldap 255 if nothing there)


Do you have some recommendations on how to do the debugging?


Not any special recommendations, but I think the best would be to do logging to buffer so:

conf t

logging buffer debug

logg enable

debug aaa authentication

debug ldap 255

But please remember that if this box is handling a lot of authentication requests it might affect the performance.


That's what I did. Finally determined I had the wrong CN=x.
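
The debugging steps suggested in this thread, written out as one ASA CLI session from capture to cleanup (an added example, not posted by any participant in the thread). The server group name LDAP_AD, the address 192.0.2.10, the interface name inside, the account names and the DN are assumed placeholders.

```text
! Constructed example: LDAP_AD, 192.0.2.10, inside, testuser, svc-asa and the
! DN components are placeholders, not values from the thread.

! 1. Review the LDAP server entry, including the login (bind) DN
show running-config aaa-server LDAP_AD

! 2. Send syslog and debug output to the log buffer
configure terminal
 logging enable
 logging buffered debugging
 logging debug-trace
 end
debug aaa authentication
debug ldap 255

! 3. Trigger a single authentication from the ASA itself
test aaa-server authentication LDAP_AD host 192.0.2.10 username testuser password <password>

! 4. Read the captured output: look at the bind step and the DN it used
show logging

! 5. If the login DN is wrong, correct it on the server entry
configure terminal
 aaa-server LDAP_AD (inside) host 192.0.2.10
  ldap-login-dn CN=svc-asa,CN=Users,DC=example,DC=com
 end

! 6. Turn debugging off again to limit the load on the box
undebug all
configure terminal
 no logging debug-trace
 end
```

The login DN has to match the full distinguished name of the bind account as it exists in Active Directory, including the CN component.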