noc
New Member

VPN3030 authentication on ACS3.3 from LDAP

Hi, we have Cisco ACS 3.3. We use it to authenticate VPN users created locally in ACS, and all works fine.

The problems start when ACS must authenticate VPN users from an external LDAP database.

When an LDAP user tries to log in via VPN, he gets: LOGIN FAILED.

In ACS log we have this entry:

01/30/2006---16:03:08---Authen failed testspec---External DB user invalid or bad password

This is the ldap configuration:

User Directory Subtree: ou=Users,ou=medicina,dc=univr,dc=it

Group Directory Subtree: ou=medicina,dc=univr,dc=it

UserObjectType: uid

UserObjectClass: posixAccount

GroupObjectType: cn

GroupObjectClass: posixGroup

Group Attribute Name: memberUid

With this configuration, from ACS we can map a group from LDAP to an ACS group, but when we open this ACS group no users are present. Is this normal?

Can you help us?

Many thanks

UniVR NOC

1 REPLY
Silver

Re: VPN3030 authentication on ACS3.3 from LDAP

I am not sure if you will be able to see the LDAP users on your ACS. From my understanding, ACS will contact the LDAP server for authenticating users not present in the ACS. Correct me if I am wrong.
