test aaa authentication on FTD with LDAPS setting failed

Hello,

I have configured my Firepower 2110 using FMC for RA VPN.

Realm (AD Type) is configured.

Directory Server via LDAPs working fine. I copied the CA Certificate successfully from DC.

But from the FTD CLI, when I use the command

test aaa-server authentication SCM-AD host SCM-DC1.solutioncenter-munich.de username Administrator password *****

I get the following message:

INFO: Attempting Authentication test to IP address (172.16.1.150) (timeout: 12 seconds)
ERROR: Authentication Error: No active server found

Does someone know what "Authentication Error: No active server found" means?

Checking with show aaa-server, I see the following:

Server Group: SCM-AD
Server Protocol: ldap
Server Hostname: SCM-DC1.solutioncenter-munich.de
Server Address: 172.16.1.150
Server port: 636
Server status: ACTIVE, Last transaction at 15:50:16 UTC Thu Aug 4 2022
Number of pending requests 0
Average round trip time 0ms
Number of authentication requests 3
Number of authorization requests 0
Number of accounting requests 0
Number of retransmissions 0
Number of accepts 0
Number of rejects 0
Number of challenges 0
Number of bad authenticators 0
Number of timeouts 0
Number of unrecognized responses 0

Hope someone can help.

Thanks

Matthias


Jimmywick
Level 1

ASA cannot bind to Active Directory, either because:

The ASA bind account password is wrong.
The ASA bind username, (or path to the user object) is wrong.
You have set the LDAP server group to use LDAPS (port 636) and the server specified as an LDAP host is not authenticating via LDAPS.
There is no connectivity between the ASA and the LDAP server.

 

Regards,
j Wick
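A triage helper for this kind of ticket, added here as an example and not code from Cisco or from either poster: it parses the counters block of `show aaa-server` exactly as Matthias pasted it (reproduced as the constructed sample), maps the counter pattern to one of the failure classes in the reply above, and offers a standard-library LDAPS probe that checks whether the DC's certificate actually validates against the CA bundle the FTD was given. The counter-to-cause mapping (`diagnose`) and the function names are this example's own heuristic, not a documented Cisco interpretation; the probe needs network access and is not run at import time.

```python
"""Triage `show aaa-server` output from an ASA/FTD and optionally probe the
LDAPS endpoint. Added example; counter names come from the post, the
diagnosis mapping is this example's own heuristic."""
import re
import socket
import ssl

# Constructed sample: the counters block from the post, reproduced verbatim.
SAMPLE_OUTPUT = """\
Server Group: SCM-AD
Server Protocol: ldap
Server Hostname: SCM-DC1.solutioncenter-munich.de
Server Address: 172.16.1.150
Server port: 636
Server status: ACTIVE, Last transaction at 15:50:16 UTC Thu Aug 4 2022
Number of pending requests 0
Average round trip time 0ms
Number of authentication requests 3
Number of authorization requests 0
Number of accounting requests 0
Number of retransmissions 0
Number of accepts 0
Number of rejects 0
Number of challenges 0
Number of bad authenticators 0
Number of timeouts 0
Number of unrecognized responses 0
"""

_FIELD_RE = re.compile(
    r"^(Server (?:Group|Protocol|Hostname|Address|port|status)):\s*(.+)$")
_COUNTER_RE = re.compile(r"^Number of (.+?)\s+(\d+)$")
_RTT_RE = re.compile(r"^Average round trip time\s+(\d+)ms$")


def parse_aaa_server(text):
    """Return header fields (server_group, server_port, ...) and a
    'counters' dict keyed by the counter name, e.g. 'authentication requests'."""
    info = {"counters": {}}
    for raw in text.splitlines():
        line = raw.strip()
        m = _FIELD_RE.match(line)
        if m:
            info[m.group(1).lower().replace(" ", "_")] = m.group(2)
            continue
        m = _COUNTER_RE.match(line)
        if m:
            info["counters"][m.group(1)] = int(m.group(2))
            continue
        m = _RTT_RE.match(line)
        if m:
            info["rtt_ms"] = int(m.group(1))
    return info


def diagnose(info):
    """Heuristic (this example's own): map the counters to a failure class
    that lines up with the checklist in the reply."""
    c = info["counters"]
    attempts = c.get("authentication requests", 0)
    answered = c.get("accepts", 0) + c.get("rejects", 0)
    if attempts == 0:
        return "no-attempts"            # nothing has been tried yet
    if c.get("timeouts", 0) > 0:
        return "no-connectivity"        # packets sent, nothing came back
    if answered == 0 and info.get("rtt_ms", 0) == 0:
        # Requests were made but no LDAP-level answer was ever recorded:
        # typical when the TLS session on port 636 never comes up
        # (wrong port, plain LDAP on the DC, or an untrusted server cert).
        return "no-session"
    if c.get("rejects", 0) > 0:
        return "bind-rejected"          # server answered: bind DN/password issue
    return "ok"


def probe_ldaps(host, port=636, cafile=None, timeout=5):
    """Open a TLS session to host:port, validating the server certificate
    against `cafile` (the same CA that was imported into FMC). Returns
    (ok, detail). Requires network access; never called at import time."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return True, tls.getpeercert().get("subject")
    except ssl.SSLCertVerificationError as e:
        return False, f"certificate verification failed: {e.verify_message}"
    except (OSError, ssl.SSLError) as e:
        return False, f"connect/handshake failed: {e}"


if __name__ == "__main__":
    parsed = parse_aaa_server(SAMPLE_OUTPUT)
    print(parsed["server_hostname"], parsed["server_port"], diagnose(parsed))
```

For the counters in the post (3 authentication requests, 0 accepts, 0 rejects, 0 timeouts, 0 ms round trip) the helper reports `no-session`, which points at the third item of the reply's list (the LDAPS/port 636 side) before the bind credentials; running `probe_ldaps("SCM-DC1.solutioncenter-munich.de", cafile="<path to the DC's CA cert>")` from a host in the same segment shows directly whether that certificate chain validates.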