troubleshooting LDAP authentication

paul_brighter
Level 1

Actually, the LDAP authentication is working, which I can see with "debug ldap 255".

However, the user is disconnected after LDAP authentication succeeds:

[397] Authentication successful for ldaptestuser to XXX.XXX.XXX.XXX

I'm not sure how to troubleshoot this further.  I am not a network engineer.

Local users can connect to the VPN successfully.  I'm trying to use the same group policy for the LDAP users, but something is not working right and I'm looking for guidance on how to debug this.

I currently do not have an LDAP attribute map configured.  I did have one and it showed in the log as expected, but I'm trying to keep it as simple as possible for now and just allow any LDAP user access and everyone uses the same group access.

The one thing I think it might be is that our LDAP server is not internal.  Could that make the difference for the group policy?

3 Replies

SHIBI V DEV
Level 1

Have you configured authentication in the tunnel-group?

tunnel-group <tunnel-group-name> general-attributes
 authentication-server-group <ldap-name>

Please try the command below and check whether you are getting the AD group listing:

show ad-groups <ldap-name>

paul_brighter

Yes, AFAIK the authentication would not work without the tunnel-group being configured.

As far as ad-groups goes, this is not an Active Directory server.

But you did make me look in the right place.

I had:

tunnel-group LDAP_GROUP general-attributes
 authentication-server-group LDAP_SRV_GRP
 default-group-policy RA_GROUP

which I noticed was missing the address-pool.  That explains everything.  Authentication was working but the user was not getting an address.

Added that and it works nicely now.
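
The gap found in the reply above (a tunnel-group that authenticates users but has no address-pool), as an added example that is not part of the original thread: a Python check over ASA-style configuration text that lists remote-access tunnel-groups with no address source. The sample config, RA_POOL, LOCAL_GROUP and the function names are constructed; treating a tunnel-group `dhcp-server` line or a group-policy `address-pools value` line as an alternative source is an assumption of this example, and addresses handed out by a AAA server are not detected.

```python
import re

# Constructed sample modelled on the thread; RA_POOL, LOCAL_GROUP and the range are made up.
SAMPLE_CONFIG = """\
ip local pool RA_POOL 10.10.10.1-10.10.10.50 mask 255.255.255.0
group-policy RA_GROUP attributes
 vpn-tunnel-protocol ssl-client
tunnel-group LOCAL_GROUP type remote-access
tunnel-group LOCAL_GROUP general-attributes
 address-pool RA_POOL
 default-group-policy RA_GROUP
tunnel-group LDAP_GROUP type remote-access
tunnel-group LDAP_GROUP general-attributes
 authentication-server-group LDAP_SRV_GRP
 default-group-policy RA_GROUP
"""

def parse_blocks(config):
    """Map each top-level config line to the indented lines beneath it."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line[:1].isspace() and current is not None:
            blocks[current].append(line.strip())
        elif line.strip():
            current = line.strip()
            blocks.setdefault(current, [])
    return blocks

def groups_without_address_source(config):
    """Names of remote-access tunnel-groups with no pool or DHCP server visible."""
    blocks = parse_blocks(config)
    # Group policies that supply their own pool list (assumed alternative source).
    pooled = {m.group(1) for h, b in blocks.items()
              if (m := re.fullmatch(r"group-policy (\S+) attributes", h))
              and any(l.startswith("address-pools value ") for l in b)}
    missing = []
    for header, body in blocks.items():
        m = re.fullmatch(r"tunnel-group (\S+) general-attributes", header)
        if not m or f"tunnel-group {m.group(1)} type remote-access" not in blocks:
            continue  # skip non-tunnel-group lines and LAN-to-LAN groups
        direct = any(l.startswith(("address-pool ", "dhcp-server ")) for l in body)
        policy = next((l.split()[1] for l in body if l.startswith("default-group-policy ")), None)
        if not direct and policy not in pooled:
            missing.append(m.group(1))
    return missing

if __name__ == "__main__":
    for name in groups_without_address_source(SAMPLE_CONFIG):
        print(f"tunnel-group {name}: no address source found")
```
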

 

paul_brighter
Level 1

I cannot figure out how to mark my reply to SHIBI V DEV as the answer.

So creating this reply to mark as the answer telling you to look at my other reply.

EDIT: OK.  That didn't work either.  Not sure how to mark my reply as the answer.