Playing around with LDAP authentication...
millworx
Member Posts: 290
So last week I was playing around with and learning Cisco ACS and Radius Authentication on my ASA.
This week I'm trying to figure out LDAP authentication on my ASA.
I setup a test AD Win2k3 Server and configured my ASA as follows:
aaa-server AD-SERVER protocol ldap
aaa-server AD-SERVER (inside) host 10.33.85.177
 ldap-base-dn DC=test, DC=internal
 ldap-group-base-dn CN=Users, DC=test, DC=internal
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn CN=Administrator, CN=Users, DC=test, DC=internal
 server-type microsoft
Everything looks good, my asa can ping the AD server. But I run a test aaa-server authentication against it and I just keep getting the following output.
INFO: Attempting Authentication test to IP address <10.33.85.177> (timeout: 12 seconds)
ERROR: Authentication Rejected: User was not found
I'm not sure what exactly the problem is. Perhaps my ldap configuration is wrong? Everything in AD is setup standard out of the box, my domain is test.internal. Any thoughts?
Currently Reading:
CCIE: Network Security Principles and Practices
CCIE: Routing and Switching Exam Certification Guide
Comments
millworx
Member Posts: 290
Gahhh Scratch this post. It just hit me in the face.
My ldap-base-dn statement I forgot to include CN=Users
It's amazing how just posting to this forum helps me solve my problem before I get responses. haha
Currently Reading:
CCIE: Network Security Principles and Practices
CCIE: Routing and Switching Exam Certification Guide
ITdude
Member Posts: 1,181
> aaa-server AD-SERVER protocol ldap
> aaa-server AD-SERVER (inside) host 10.33.85.177
>  ldap-base-dn DC=test, DC=internal
>  ldap-group-base-dn CN=Users, DC=test, DC=internal
>  ldap-naming-attribute sAMAccountName
>  ldap-login-password *****
>  ldap-login-dn CN=Administrator, CN=Users, DC=test, DC=internal
>  server-type microsoft
>
> Everything looks good, my asa can ping the AD server. But I run a test aaa-server authentication against it and I just keep getting the following output.
>
> INFO: Attempting Authentication test to IP address <10.33.85.177> (timeout: 12 seconds)
> ERROR: Authentication Rejected: User was not found
>
> I'm not sure what exactly the problem is. Perhaps my ldap configuration is wrong? Everything in AD is setup standard out of the box, my domain is test.internal. Any thoughts?

I was just about to highlight the ldap-base-dn line above and then saw your answer to your question.
I usually hang out on 224.0.0.10 (FF02::A) and 224.0.0.5 (FF02::5) when I'm in a non-proprietary mood.
__________________________________________
Simplicity is the ultimate sophistication.
(Leonardo da Vinci)