Cisco Support Community

New Member

Identity Options in ASA


I am testing "Identity Options" with IDFW Step by Step configuration.

I could finish installing and configuring AD agent and Identity options but I could not get an authentication from a domain controller.

I can find my name in the domain controller but when I try to get an authentication from the DC, ASA says "Authentication Rejected: User was not found". When I configured the domain controller as AAA server with protocol "NT Domain" under Device Management > Users/AAA > AAA server Groups and ran "Test" button, I could get my account authenticated by the domain controller.

Could you guys please give me some tips how to break this problem?

Here is how I did a test.

Test_ASA# test aaa-server authentication AD1 username richard password cisco123
Server IP Address or name:
INFO: Attempting Authentication test to IP address <> (timeout: 12 seconds)

[3622] Session Start
[3622] New request Session, context 0x76821678, reqType = Authentication
[3622] Fiber started
[3622] Creating LDAP context with uri=ldaps://
[3622] Connect to LDAP server: ldaps://, status = Successful
[3622] supportedLDAPVersion: value = 3
[3622] supportedLDAPVersion: value = 2
[3622] Binding as administrator
[3622] Performing Simple authentication for administrator to
[3622] LDAP Search:
        Base DN = [DC=sulu, DC=local]
        Filter  = [sAMAccountName=richard]
        Scope   = [ONE LEVEL]
[3622] User richard not found
[3622] Fiber exit Tx=250 bytes Rx=750 bytes, status=-1
[3622] Session End
ERROR: Authentication Rejected: User was not found

Cisco Employee

Identity Options in ASA

Does this user richard exist under sulu? Is this ID an admin ID?

Follow this link and configure every step as I mentioned and let us know if you run into any issues.
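
The debug output in the question shows the search running with Scope = [ONE LEVEL] at the domain root. As an added example (not part of the original thread and not Cisco code), the Python below applies the RFC 4511 scope rules to a constructed directory; placing richard under CN=Users and the svc-top entry are assumptions, since the thread does not say where the account lives.

```python
import re

# Constructed directory. Where "richard" really lives is not stated in the
# thread; CN=Users (the default AD user container) is an assumption.
ENTRIES = {
    "DC=sulu,DC=local": {},
    "CN=Users,DC=sulu,DC=local": {},
    "CN=richard,CN=Users,DC=sulu,DC=local": {"sAMAccountName": "richard"},
    "CN=svc-top,DC=sulu,DC=local": {"sAMAccountName": "svc-top"},
}

# Search parameters exactly as printed in the debug output in the question.
DEBUG = """[3622] LDAP Search:
        Base DN = [DC=sulu, DC=local]
        Filter  = [sAMAccountName=richard]
        Scope   = [ONE LEVEL]"""

def rdns(dn):
    """Split a DN into normalized RDNs (sample DNs have no escaped commas)."""
    return [p.strip().lower() for p in dn.split(",")]

def in_scope(entry_dn, base_dn, scope):
    """RFC 4511 scope test: BASE = the base object only, ONE LEVEL = its
    immediate children only, SUBTREE = the base and everything below it."""
    e, b = rdns(entry_dn), rdns(base_dn)
    if len(e) < len(b) or e[len(e) - len(b):] != b:
        return False  # entry is not under the base DN at all
    depth = len(e) - len(b)
    return {"BASE": depth == 0, "ONE LEVEL": depth == 1, "SUBTREE": True}[scope]

def parse_debug(text):
    """Pull Base DN, Filter and Scope out of the bracketed debug fields."""
    return {k.strip(): v for k, v in re.findall(r"(\w[\w ]*?)\s*=\s*\[(.*?)\]", text)}

def search(params, scope=None):
    """Run the parsed search; handles simple attr=value equality filters only."""
    attr, value = params["Filter"].split("=", 1)
    scope = scope or params["Scope"]
    return [dn for dn, attrs in ENTRIES.items()
            if in_scope(dn, params["Base DN"], scope)
            and attrs.get(attr, "").lower() == value.lower()]

if __name__ == "__main__":
    p = parse_debug(DEBUG)
    print("ONE LEVEL:", search(p))             # scope from the debug output
    print("SUBTREE:  ", search(p, "SUBTREE"))  # same base DN and filter
```

If the account sits in a container or OU below the base DN, a one-level search cannot return it even though the bind and filter are correct. On the ASA the scope is set with `ldap-scope` in the aaa-server host configuration.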

