06-08-2008 09:50 PM - edited 03-10-2019 03:53 PM
Hi expert,
I have a problem with the integration between Cisco Secure ACS 4.2 and SUN Java System Directory (LDAP). During the integration, I noticed that users failed to authenticate against LDAP via Cisco Secure ACS. The error message is "Authentication Type is not supported by external DB". In this case the "external DB" refers to LDAP. Has any of you had experience integrating both products before? Can any of you give me some pointers about this? Attached are both screen captures from my ACS server.
Thanks very much,
Daniel
06-09-2008 05:59 AM
Is this a new config? Was this thing working on previous code?
Make sure there is no auth protocol mismatch, like chap/pap etc.
Regards.
~JG
06-09-2008 04:53 PM
Hi, thanks for your reply. Yes, this is a new config. I found out from the Cisco documentation on integrating ACS with LDAP that only certain auth protocols are supported by LDAP. If that is true, then I have to find out whether the SUN Java System Directory supports additional auth protocols such as EAP-MD5, MS-CHAP, etc. By the way, does anyone have experience integrating ACS with SUN Java System Directory? Thanks again.
06-10-2008 04:46 AM
Here is the compatibility chart,
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs32/user02/o.htm#wp623289
Regards,
~JG
Do rate helpful posts
06-10-2008 05:35 PM
Hi,
Thanks for the compatibility chart. Oh dear ..., it seems that LDAP does not support PEAP (EAP-MSCHAPv2) at all. I am not sure if the latest LDAP (particularly for SUN Java System Directory) is able to support this authentication protocol.
Just to clarify, in case you wonder what I'm trying to do: our company wants to implement 802.1x over the network. So, every staff member on the network must be authenticated before being able to access the network resources. Our Linksys switches support this standard, including the Cisco switches of course. Our RADIUS server is Cisco Secure ACS 4.2, but all the user information, including usernames and passwords, is stored in our directory server (LDAP), which is SUN Java System Directory.
Since most of our staff machines are running XP and Vista, the only available authentication method (besides certificate-based) is PEAP (EAP-MSCHAPv2). Based on the compatibility chart, generic LDAP does not support this authentication protocol, as we noted from the "authentication type not supported by external database" error message in the ACS logs.
From what I learned, the latest LDAP (version 3.0?) is able to support this authentication protocol, but this is yet to be confirmed by my further research.
So... Can anyone advise me on this matter? Thanks very much!