Integration problem between Cisco Secure ACS 4.2 and LDAP

Jun 8th, 2008

Hi expert,


I have a problem with the integration between Cisco Secure ACS 4.2 and SUN Java System Directory (LDAP). During the integration, I noticed that the user failed to authenticate against LDAP via Cisco Secure ACS. The error message is "Authentication Type is not supported by external DB". In this case the "external DB" refers to LDAP. Has any of you had experience integrating both products before? Can any of you give me some pointers about this? Attached are both screen captures from my ACS server.


Thanks very much,


Daniel



Jagdeep Gambhir Mon, 06/09/2008 - 05:59

Is this a new config? Was this thing working on previous code?


Make sure there is no auth protocol mismatch, like CHAP/PAP etc.



Regards.

~JG

alexals Mon, 06/09/2008 - 16:53

Hi, thanks for your reply. Yes, this is a new config. I found out from the Cisco documentation on integrating ACS with LDAP, which stated that only certain auth protocols are supported by LDAP. If that is true, then I have to find out whether the SUN Java System Directory supports additional auth protocols such as EAP-MD5, MS-CHAP, etc. By the way, does anyone have experience integrating ACS with SUN Java System Directory? Thanks again.

alexals Tue, 06/10/2008 - 17:35

Hi,


Thanks for the compatibility chart. Oh dear..., it seems that LDAP does not support PEAP (EAP-MSCHAPv2) at all. I am not sure if the latest LDAP (particularly for SUN Java System Directory) is able to support this authentication protocol.

Just to clarify, in case you wonder what I'm trying to do: our company wants to implement 802.1x over the network. So, every staff member on the network must be authenticated before being able to access the network resources. Our Linksys switches support this standard, as do Cisco switches of course. Our RADIUS server is Cisco Secure ACS 4.2, but all the user information, including usernames and passwords, is stored in our directory server (LDAP), which is SUN Java System Directory.


Since most of our staff machines are running XP and Vista, the only available authentication method (besides certificate-based) is PEAP (EAP-MSCHAPv2). Based on the compatibility chart, generic LDAP does not support this authentication protocol, as we noted from the "authentication type not supported by external database" error message in the ACS logs.


From what I learned, the latest LDAP (version 3.0?) is able to support this authentication protocol, but this is yet to be confirmed by my further research.


So... Can anyone advise me on this matter? Thanks very much!

