New Member

Integration problem between Cisco Secure ACS 4.2 with LDAP

Hi expert,

I have a problem with the integration between Cisco Secure ACS 4.2 and SUN Java System Directory (LDAP). During the integration, I noticed that the user failed to authenticate against LDAP via Cisco Secure ACS. The error message is "Authentication Type is not supported by external DB". In this case the "external DB" refers to LDAP. Has any of you had experience integrating both products before? Can any of you give me some pointers about this? Attached are both screen captures from my ACS server.

Thanks very much,

Daniel

4 REPLIES

Re: Integration problem between Cisco Secure ACS 4.2 with LDAP

Is this a new config? Was this thing working on previous code?

Make sure there is no auth protocol mismatch, like CHAP/PAP etc.

Regards.

~JG

New Member

Re: Integration problem between Cisco Secure ACS 4.2 with LDAP

Hi, thanks for your reply. Yes, this is a new config. I found out from the Cisco documentation on integrating ACS with LDAP, which stated that only certain auth protocols are supported by LDAP. If that is true, then I have to find out whether the SUN Java System Directory supports additional auth protocols such as EAP-MD5, MS-CHAP, etc. By the way, does anyone have experience integrating ACS with SUN Java System Directory? Thanks again.

Re: Integration problem between Cisco Secure ACS 4.2 with LDAP

New Member

Re: Integration problem between Cisco Secure ACS 4.2 with LDAP

Hi,

Thanks for the compatibility chart. Oh dear ..., it seems that LDAP does not support PEAP (EAP-MSCHAPv2) at all. I am not sure if the latest LDAP (particularly for SUN Java System Directory) is able to support this authentication protocol.

Just to clarify, in case you wonder what I'm trying to do: our company wants to implement 802.1x over the network, so every staff member on the network must be authenticated before being able to access the network resources. Our Linksys switches support this standard, including Cisco switches of course. Our RADIUS server is Cisco Secure ACS 4.2, but all the user information, including usernames and passwords, is stored in our directory server (LDAP), which is SUN Java System Directory.

Since most of our staff machines are running XP and Vista, the only available authentication method (besides certificate-based) is PEAP (EAP-MSCHAPv2). Based on the compatibility chart, generic LDAP does not support this authentication protocol, as we noted from the "authentication type not supported by external database" error message in the ACS logs.

From what I learned, the latest LDAP (version 3.0?) is able to support this authentication protocol, but this is yet to be confirmed by my further research.

So... can anyone advise me on this matter? Thanks very much!
