12-22-2011 06:49 AM
Hi,
I want to authenticate VPN clients against Active Directory on Windows Server 2008. If I got it right, I can do LDAP authentication only via PAP (which sends the password in plain text). Is this a limitation of Cisco ASA or of LDAP itself? Would you suggest using RADIUS instead?
Thank you!
Petar Koraca
12-22-2011 07:46 AM
Petar,
ASA can talk to AD via LDAP over SSL, as far as security goes ;-)
RADIUS is neat for network usage, but typically in a big organization one would have one centralized user database; more often than not it's AD ;-)
The benefit of RADIUS over AD is the easy push of additional attributes.
Marcin
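Added example, not part of the original posts: an ASA AAA configuration for AD showing the cleartext LDAP bind next to the LDAP-over-SSL form mentioned in the reply above. The server-group name, tunnel-group name, address, DNs and password are placeholder assumptions.

```text
! Constructed example: AD_LDAP, VPN_USERS, 192.0.2.10, the DNs and the
! password are placeholders, not values from this thread.

! Weak: the ASA binds to AD over cleartext LDAP (TCP 389), so the user's
! password crosses the inside network unencrypted.
aaa-server AD_LDAP protocol ldap
aaa-server AD_LDAP (inside) host 192.0.2.10
 ldap-base-dn DC=example,DC=local
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,OU=Service Accounts,DC=example,DC=local
 ldap-login-password <bind-account-password>
 server-type microsoft

! Corrected: same host entry, with the ASA-to-AD leg wrapped in SSL.
! The domain controller must have a server certificate installed for LDAPS.
aaa-server AD_LDAP (inside) host 192.0.2.10
 server-port 636
 ldap-over-ssl enable

! Point the VPN tunnel group at the LDAP server group.
tunnel-group VPN_USERS general-attributes
 authentication-server-group AD_LDAP
```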
12-22-2011 08:41 AM
Thanks!
However, I tried a configuration with LDAP and I got the following errors (debug ldap 255):
[25] Session Start
[25] New request Session, context 0xcb542fa0, reqType = Authentication
[25] Fiber started
[25] Failed: The username or password is blank
[25] Fiber exit Tx=0 bytes Rx=0 bytes, status=-3
[25] Session End
The configuration is in the attachment.
I'll try RADIUS tomorrow, but it would be nice to have both solutions.
Cheers,
Petar Koraca