Cisco CDA - Cisco Directory Agent

Hello All,

I am trying to implement CDA and am hitting some roadblocks. I am following the link below for the same.

http://www.cisco.com/c/en/us/td/docs/security/ibf/cda_10/Install_Config_guide/cda10/cda_install.html#pgfId-1063655
 
 
1. In this I covered all the sections. But still:

- When I am adding AD on my CDA, it doesn't get connected and become green.
 
(- The firewall is already disabled
- Hotfixes are already in place
- Telnet to 636 on the AD server is also fine.)

2. Then for the ASA config I gave the below and tried to test the ASA-CDA connection. That also failed. (Note: reachability of ASA-CDA is working fine.)
 
aaa-server adserver protocol ldap
aaa-server adserver (inside) host x.x.x.x
server-port 636
ldap-group-base-dn CN=Administrator,OU=Users,DC=cisco.com
ldap-scope subtree
ldap-login-password *****
ldap-login-dn CN=Administrator,OU=Users,DC=cisco.com
ldap-over-ssl enable
server-type microsoft
group-search-timeout 300
 
aaa-server adagent protocol radius
ad-agent-mode
aaa-server adagent (inside) host x.x.x.x
key *****
user-identity ad-agent aaa-server adagent
test aaa-server ad-agent
 
user-identity default-domain SAMPLE
user-identity domain SAMPLE aaa-server ds
user-identity action domain-controller-down SAMPLE disable-user-identity-rule
user-identity ad-agent aaa-server adagent
user-identity enable
user-identity logout-probe netbios local-system probe-time minutes 10 retry-interval seconds 10 retry-count 2 user-not-needed
user-identity inactive-user-timer minutes 120
user-identity poll-import-user-group-timer hours 1
user-identity action netbios-response-fail remove-user-ip
user-identity user-not-found enable
user-identity action ad-agent-down disable-user-identity-rule
user-identity action mac-address-mismatch remove-user-ip
user-identity ad-agent active-user-database full-download
user-identity ad-agent hello-timer seconds 20 retry-times 3
 
Regards,
-Mateen

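A consistency check over the configuration posted above, as an added example that is not part of the original post and is not Cisco tooling. It confirms that every `aaa-server` group named on a `user-identity` line is defined, and that each `DC=` component in the LDAP DNs holds a single label (Active Directory writes the domain cisco.com as DC=cisco,DC=com). The function name `lint_idfw_config` and the finding labels are hypothetical; the config lines are copied from the post.

```python
import re

# The aaa-server, LDAP DN and user-identity lines from the post, copied as posted.
POSTED_CONFIG = """\
aaa-server adserver protocol ldap
aaa-server adserver (inside) host x.x.x.x
ldap-group-base-dn CN=Administrator,OU=Users,DC=cisco.com
ldap-login-dn CN=Administrator,OU=Users,DC=cisco.com
aaa-server adagent protocol radius
aaa-server adagent (inside) host x.x.x.x
user-identity ad-agent aaa-server adagent
user-identity default-domain SAMPLE
user-identity domain SAMPLE aaa-server ds
"""

def lint_idfw_config(text):
    """Return (kind, value, line) findings for the two checks below."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    # Server groups are defined by "aaa-server NAME protocol PROTO".
    defined = {}
    for ln in lines:
        m = re.match(r"aaa-server (\S+) protocol (\S+)$", ln)
        if m:
            defined[m.group(1)] = m.group(2)
    findings = []
    for ln in lines:
        # Check 1: every group a user-identity line points at must be defined.
        m = re.match(r"user-identity (?:domain \S+|ad-agent) aaa-server (\S+)$", ln)
        if m and m.group(1) not in defined:
            findings.append(("undefined-server-group", m.group(1), ln))
        # Check 2: one DNS label per DC= component (escaped commas not handled).
        m = re.match(r"(ldap-\S+-dn) (.+)$", ln)
        if m:
            for rdn in m.group(2).split(","):
                key, _, value = rdn.strip().partition("=")
                if key.upper() == "DC" and "." in value:
                    findings.append(("dotted-dc-component", value, ln))
    return findings

if __name__ == "__main__":
    for kind, value, line in lint_idfw_config(POSTED_CONFIG):
        print(f"{kind}: {value!r} in: {line}")
```

Run against the posted lines, it reports the `ds` group referenced by `user-identity domain SAMPLE` as undefined and flags `DC=cisco.com` in both LDAP DNs.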