AAA acs 4.1 to generic ldap

Unanswered Question
Jul 10th, 2007

Hi there

We've installed ACS 4.1 to use it for network access authentication (switches, routers) via Radius (IETF).

I set up ACS with generic LDAP to verify users from MS Active Directory.

Everything works well :-)

But how do I configure LDAPS under Cisco ACS?

Thanks for the help

bigbrother74 Tue, 07/10/2007 - 23:45

Hi jgambhir

I have already configured ACS to use generic LDAP to verify users from MS Active Directory successfully.

It works well with normal LDAP. But I want to use LDAPS over port 636 between ACS and the Active Directory server.

In the section "Generic LDAP" -> "Primary LDAP Server" I set the port to 636 and I marked "Use Secure Authentication".

But this does not work. I don't know why, because I can simply connect with an LDAP client to the AD server over LDAPS and port 636, but not from ACS????

What could be the reason?

I installed the intermediate certificate in Windows 2003 Server successfully...

Any help is appreciated

bb

Jagdeep Gambhir Wed, 07/11/2007 - 04:52

Hi BB,

Please ensure the cert is installed correctly. Did you generate the cert7.db file?

How to generate the "cert7.db" file:

1. Set up the LDAP server with a certificate.

2. Install Netscape 4.x (this creates the cert7.db file, which is just a database of certs).

3. Browse to https://servername:636 with the Netscape browser.

4. Install the certificate, selecting the option "accept this certificate forever".

5. Copy the cert7.db file to another directory (like the ACS folder). The default location of the cert7.db file is C:\Program Files\Netscape\Users\default.

6. Now just enter the path to the cert7.db file in the "Certificate DB Path" field in the configuration for your LDAP DB in ACS.

Also let me know if you are using ACS for Windows or the ACS appliance, as we might need to look at the detailed logs.

Regards,

~JG
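
The steps above come down to one thing: the TLS client (ACS) must hold the CA chain that issued the domain controller's certificate in a trust store it actually reads, and the name it connects to must match the certificate. The following script is an added example for this thread, not Cisco's code or the poster's; it reproduces from any machine what ACS has to do on port 636 (reach the port, verify the chain against a given CA file, match the hostname) and reports which of those steps failed. The host name `dc01.example.internal`, the `advice_for` hints and the constructed failure cases are assumptions for illustration.

```python
"""Added example: diagnose why an LDAPS (port 636) handshake fails from a client."""
import json
import socket
import ssl
import sys
from typing import Optional


def classify_tls_failure(exc: BaseException) -> str:
    """Map an exception raised during connect/handshake to a short label."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        # The SSL layer fills verify_message; a constructed exception (as in the
        # sample cases below) does not, so fall back to the message text.
        msg = (getattr(exc, "verify_message", None) or str(exc)).lower()
        if "hostname mismatch" in msg or "doesn't match" in msg:
            return "hostname-mismatch"
        if "expired" in msg:
            return "certificate-expired"
        if ("self" in msg and "signed" in msg) or "local issuer" in msg \
                or "unable to get issuer" in msg:
            return "untrusted-chain"
        return "verify-failed"
    if isinstance(exc, ssl.SSLError):
        return "tls-handshake-error"
    if isinstance(exc, OSError):  # refused, timeout, DNS failure, unreachable
        return "no-connection"
    return "unknown"


def advice_for(label: str) -> str:
    """Hypothetical remediation hints (assumed, not vendor guidance)."""
    hints = {
        "ok": "Handshake verified here; if ACS still fails, compare the trust "
              "store ACS reads (its certificate DB path) with the CA file used here.",
        "untrusted-chain": "The trust store lacks the issuing CA or the intermediate; "
                           "import the full chain into the store the client actually reads.",
        "hostname-mismatch": "The certificate CN/SAN does not match the configured server "
                             "name; configure the name that is on the certificate.",
        "certificate-expired": "Renew the server certificate.",
        "no-connection": "Port 636 is not reachable; confirm the DC listens on LDAPS "
                         "and that nothing in the path blocks it.",
    }
    return hints.get(label, "Inspect the raw error text.")


def check_ldaps(host: str, port: int = 636, cafile: Optional[str] = None,
                timeout: float = 5.0) -> dict:
    """Attempt a verified TLS handshake and report the outcome.

    cafile is a PEM bundle with the CA that issued the LDAP server's certificate
    (the role cert7.db plays for ACS). None uses the OS default store, which is
    what a desktop LDAP client typically relies on.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    report = {"host": host, "port": port, "ok": False, "diagnosis": None}
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                report.update(
                    ok=True,
                    diagnosis="ok",
                    subject=dict(rdn[0] for rdn in cert.get("subject", ())),
                    issuer=dict(rdn[0] for rdn in cert.get("issuer", ())),
                    not_after=cert.get("notAfter"),
                    protocol=tls.version(),
                )
    except Exception as exc:  # classify everything, including verify failures
        report["diagnosis"] = classify_tls_failure(exc)
        report["error"] = str(exc)
    report["advice"] = advice_for(report["diagnosis"])
    return report


def classify_constructed_failures() -> list:
    """Run the classifier over constructed sample errors (no network needed)."""
    samples = [
        ssl.SSLCertVerificationError(
            "certificate verify failed: unable to get local issuer certificate"),
        ssl.SSLCertVerificationError(
            "certificate verify failed: self signed certificate in certificate chain"),
        ssl.SSLCertVerificationError(
            "Hostname mismatch, certificate is not valid for 'dc01.example.internal'"),
        ssl.SSLCertVerificationError("certificate verify failed: certificate has expired"),
        ssl.SSLError("[SSL: WRONG_VERSION_NUMBER] wrong version number"),
        ConnectionRefusedError("[Errno 111] Connection refused"),
    ]
    return [classify_tls_failure(e) for e in samples]


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "dc01.example.internal"  # hypothetical
    ca_bundle = sys.argv[2] if len(sys.argv) > 2 else None
    print(json.dumps(check_ldaps(target, cafile=ca_bundle), indent=2))
```

Run it once with the same CA file you expect ACS to trust (`python check.py dc01.example.internal ca-chain.pem`) and once without: if the first succeeds and the second reports `untrusted-chain`, the server side is fine and the remaining difference is which trust store ACS reads, which is exactly what the cert7.db path setting controls.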

bigbrother74 Wed, 07/18/2007 - 06:33

@ jgambhir

Hi

I installed ACS on Windows 2003 Server. I use "generic LDAP" to connect to MS Active Directory. This works perfectly, but LDAP over SSL (LDAPS) does not. See the attachment.

I installed the intermediate certificate correctly, but it does not work anyway.

There is no firewall rule that is causing any problem.

What could be the problem?

Thanks for the help

bb
