07-10-2007 02:25 AM - edited 02-21-2020 10:18 AM
Hi there
We've installed ACS 4.1 to use it for network access authentication (switches, routers) via RADIUS (IETF).
I set up ACS with generic LDAP to verify users from MS Active Directory.
Everything works well :-)
But how do I configure ldaps under Cisco ACS?
Thanks for the help
07-10-2007 04:38 AM
Hi Bro,
Are you facing any specific issue?
Check out these links:
ACS Windows
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs40/user/d.htm#wp354503
ACS Appliance
Regards,
~JG
07-10-2007 11:45 PM
Hi jgambhir
I have already configured acs to use generic ldap to verify users from ms active directory successfully.
It works well with normal ldap. But I want to use ldaps over port 636 between acs and active directory server.
In the section of "Generic LDAP" -> "Primary LDAP Server" I set the port to 636 and I marked "Use Secure Authentication".
But this does not work. I don't know why, because I can simply connect with an ldap client to the AD Server over ldaps and port 636, but not from acs?
What could be the reason?
I installed the intermediate certificate in Windows 2003 Server successfully...
Any help is appreciated
bb
07-11-2007 04:52 AM
Hi BB,
Please ensure the cert is installed correctly. Did you generate the cert7.db file?
How to generate the "cert7.db" file:
1. Set up the LDAP with a certificate.
2. Install Netscape 4.x (this creates the cert7.db file, which is just a database of certs).
3. Browse to https://servername:636 with the Netscape browser.
4. Install the certificate, selecting the option "accept this certificate forever".
5. Copy the cert7.db file to another directory (like the ACS folder). The default location of the cert7.db file is C:\Program Files\Netscape\Users\default
6. Now just enter the path to the cert7.db file in the "Certificate DB Path" field in the configuration for your LDAP DB in ACS.
Also let me know if you are using acs windows or acs appliance as we might need to look at the detailed logs.
Regards,
~JG
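A strict TLS probe run from the ACS host separates a reachability problem on port 636 from a certificate-trust problem. This is an added example, not part of the thread or of Cisco's tooling; it uses Python's standard ssl module rather than ACS's cert7.db, and the script name, host argument and CA file are placeholders.

```python
import socket
import ssl
import sys


def check_ldaps_trust(host, port=636, cafile=None, timeout=5.0):
    """Classify one LDAPS connection attempt as a strict TLS client sees it.

    Returns (status, detail); status is one of:
      ok             - TCP, handshake, chain and name checks all passed
      tcp_failed     - nothing reachable on host:port (service, firewall, DNS)
      cert_untrusted - server answered, but its chain does not verify
      name_mismatch  - chain verifies, certificate is not issued for `host`
      tls_failed     - any other handshake failure (no TLS on that port, ...)
    """
    # cafile=None falls back to the system trust store.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "tcp_failed", str(exc)
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return "ok", f"{tls.version()}, certificate valid until {cert.get('notAfter')}"
    except ssl.SSLCertVerificationError as exc:
        # OpenSSL reports name problems as "Hostname mismatch" / "IP address mismatch".
        if "mismatch" in (exc.verify_message or "").lower():
            return "name_mismatch", exc.verify_message
        return "cert_untrusted", exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        return "tls_failed", str(exc)
    finally:
        raw.close()


if __name__ == "__main__":
    # Placeholder invocation: pass the DC's FQDN and, optionally, the CA chain in PEM form.
    if len(sys.argv) < 2:
        sys.exit("usage: check_ldaps.py <dc-hostname> [ca-chain.pem]")
    ca = sys.argv[2] if len(sys.argv) > 2 else None
    status, detail = check_ldaps_trust(sys.argv[1], cafile=ca)
    print(f"{status}: {detail}")
```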
07-18-2007 06:33 AM
@ jgambhir
Hi
I installed ACS on Win 2003 Server. I use "generic ldap" to connect to ms active directory. This works perfectly but ldap over ssl (ldaps) does not. See the attachment.
I installed the intermediate certificate correctly but it does not work anyway.
There is no firewall rule that is causing any problem.
What could be the problem?
Thanks for the help
bb