So last week I was playing around with and learning Cisco ACS and RADIUS authentication on my ASA.
This week I'm trying to figure out LDAP authentication on my ASA.
I set up a test AD Win2k3 server and configured my ASA as follows:
aaa-server AD-SERVER protocol ldap
aaa-server AD-SERVER (inside) host 10.33.85.177
 ldap-base-dn DC=test, DC=internal
 ldap-group-base-dn CN=Users, DC=test, DC=internal
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn CN=Administrator, CN=Users, DC=test, DC=internal
 server-type microsoft
Everything looks good, my ASA can ping the AD server. But when I run a test aaa-server authentication against it, I just keep getting the following output:
INFO: Attempting Authentication test to IP address <10.33.85.177> (timeout: 12 seconds)
ERROR: Authentication Rejected: User was not found
I'm not sure what exactly the problem is. Perhaps my ldap configuration is wrong? Everything in AD is setup standard out of the box, my domain is test.internal. Any thoughts?
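An added example, not part of the post above, that models the lookup the ASA performs with the configuration shown: bind with ldap-login-dn and ldap-login-password, search the subtree under ldap-base-dn for an entry whose ldap-naming-attribute equals the username, then bind as that entry's DN with the user's password. It uses a constructed in-memory directory (the names, OUs, passwords and the second domain DC=other,DC=internal are all assumed) rather than a live AD, so it shows which conditions produce a "User was not found" result: a user outside the base DN, a base DN narrowed to CN=Users when the account lives in another OU, and the difference between that and a failed login-DN bind. The DN parser treats "DC=test, DC=internal" and "dc=test,dc=internal" as the same base, which is how AD compares DNs.

```python
import re

# Constructed sample directory standing in for the Win2k3 test AD (not real data).
# Keys are entry DNs; values hold only the attributes the lookup needs. Passwords
# are kept in the clear purely because this is an in-memory model.
SAMPLE_DIRECTORY = {
    "CN=Administrator,CN=Users,DC=test,DC=internal": {
        "sAMAccountName": "Administrator", "password": "AdminPass1"},
    "CN=Alice Adams,OU=Staff,DC=test,DC=internal": {
        "sAMAccountName": "alice", "password": "AlicePass1"},
    # A user in a sibling domain: not under DC=test,DC=internal.
    "CN=Bob Brown,CN=Users,DC=other,DC=internal": {
        "sAMAccountName": "bob", "password": "BobPass1"},
}

# Mirrors the aaa-server settings in the post; the login password is assumed.
ASA_CONFIG = {
    "ldap-base-dn": "DC=test, DC=internal",
    "ldap-naming-attribute": "sAMAccountName",
    "ldap-login-dn": "CN=Administrator, CN=Users, DC=test, DC=internal",
    "ldap-login-password": "AdminPass1",
}


def parse_dn(dn):
    """Split a DN into (type, value) RDN pairs. Whitespace around unescaped
    commas is dropped and both halves are lower-cased, so 'DC=test, DC=internal'
    and 'dc=test,dc=internal' compare equal, as they do in AD."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr_type, _, value = part.strip().partition("=")
        rdns.append((attr_type.strip().lower(), value.strip().lower()))
    return tuple(rdns)


def is_under(entry_dn, base_dn):
    """Subtree scope: the entry's RDN list must end with the base's RDN list."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    return len(entry) >= len(base) and entry[-len(base):] == base


def find_entry(directory, dn):
    wanted = parse_dn(dn)
    for entry_dn, attrs in directory.items():
        if parse_dn(entry_dn) == wanted:
            return entry_dn, attrs
    return None, None


def simple_bind(directory, dn, password):
    """Model of an LDAP simple bind: the DN must exist and the password match."""
    entry_dn, attrs = find_entry(directory, dn)
    return entry_dn is not None and attrs["password"] == password


def authenticate(directory, config, username, password):
    """Return (success, message) following the ASA's three-step sequence."""
    # Step 1: bind with ldap-login-dn / ldap-login-password.
    if not simple_bind(directory, config["ldap-login-dn"],
                       config["ldap-login-password"]):
        return False, "bind with ldap-login-dn failed"
    # Step 2: subtree search under ldap-base-dn for (naming-attribute=username).
    # ldap-group-base-dn plays no part in this lookup.
    attr = config["ldap-naming-attribute"]
    matches = [entry_dn for entry_dn, attrs in directory.items()
               if is_under(entry_dn, config["ldap-base-dn"])
               and attrs.get(attr, "").lower() == username.lower()]
    if not matches:
        return False, "User was not found"
    if len(matches) > 1:
        return False, "ambiguous: %d entries match" % len(matches)
    # Step 3: bind as the user's own DN with the password being tested.
    if not simple_bind(directory, matches[0], password):
        return False, "Invalid password"
    return True, matches[0]


if __name__ == "__main__":
    for user, pw in (("alice", "AlicePass1"), ("bob", "BobPass1")):
        print(user, authenticate(SAMPLE_DIRECTORY, ASA_CONFIG, user, pw))
```

Running it shows that "alice" is found under the domain root while "bob" in the other domain is reported as not found; narrowing ldap-base-dn to CN=Users,DC=test,DC=internal makes "alice" (who lives in OU=Staff) not found as well, whereas a wrong ldap-login-password fails at the first bind before any search happens.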