Solved: VPN with LDAP in ASA 5510

galihpriyogi · ‎11-16-2008

i have problem in LDAP ASA, i want create authentication from LDAP in remote access VPN before i try, i want try LDAP local,and the problem

debug ldap 255

test aaa-server authentication ldap

Server IP Address or name: 10.40.5.2

Username: rian

Password: ******

[2] Session Start

[2] New request Session, context 0x41d1a04

starItedr

[2] Creating LDAP context with uri=ldap://10.40.5.2:389

NFO: Attempting Authentication test to IP address <10.40.5.2> (timeout: 12 seconds)

[2] Connect to LDAP server: ldap://10.40.5.2:389, status = Successful

[2] Failed to bind as administrator returned code (49) Invalid credentials

[2] Fiber exit Tx=37 bytes Rx=109 bytes, status=-2

[2] Session End

ERROR: Authentication Server not responding: Invalid password

what is problem ?

if i connect to server ldap with the username and password, i can connect. more information i have 2 domain first id.seapro.ad.crs.org, second ID (domain user login). i have use first domain not connect, and second not connect too.

plzz help me, what is problem ?

Jason Gervia · ‎11-18-2008

Good responses. 'administrator' won't be a valid login-dn in an ldap infrastructure. Follow what srue said and that will lead you down the right path.

(6 points awarded in this conversation).

View solution in original post

dcarlton · ‎11-17-2008

Your login DN has to contain the complete location of the user ID you are using. For example CN=ASAUser,OU=ServiceAccounts,DC=cisco,DC=com

Is yours set like this?

srue · ‎11-18-2008

use this command on a domain controller to find the full path of the ASAuser account:

dsquery user -samid ASAUser

Jason Gervia · ‎11-18-2008

Good responses. 'administrator' won't be a valid login-dn in an ldap infrastructure. Follow what srue said and that will lead you down the right path.

(6 points awarded in this conversation).