New Member

Identity Options in ASA

Hello,

I am testing "Identity Options" with IDFW Step by Step configuration.

I could finish installing and configuring AD agent and Identity options, but I could not get an authentication from a domain controller.

I can find my name in the domain controller, but when I try to get an authentication from the DC, ASA says "Authentication Rejected: User was not found". When I configured the domain controller as AAA server with protocol "NT Domain" under Device Management > Users/AAA > AAA server Groups and ran "Test" button, I could get my account authenticated by the domain controller.

Could you guys please give me some tips how to break this problem?


Here is how I did a test.


Test_ASA# test aaa-server authentication AD1 username richard password cisco123
Server IP Address or name: 192.168.1.1
INFO: Attempting Authentication test to IP address <192.168.1.1> (timeout: 12 seconds)

[3622] Session Start
[3622] New request Session, context 0x76821678, reqType = Authentication
[3622] Fiber started
[3622] Creating LDAP context with uri=ldaps://192.168.1.1:636
[3622] Connect to LDAP server: ldaps://192.168.1.1:636, status = Successful
[3622] supportedLDAPVersion: value = 3
[3622] supportedLDAPVersion: value = 2
[3622] Binding as administrator
[3622] Performing Simple authentication for administrator to 192.168.1.1
[3622] LDAP Search:
        Base DN = [DC=sulu, DC=local]
        Filter  = [sAMAccountName=richard]
        Scope   = [ONE LEVEL]
[3622] User richard not found
[3622] Fiber exit Tx=250 bytes Rx=750 bytes, status=-1
[3622] Session End
ERROR: Authentication Rejected: User was not found

1 REPLY
Cisco Employee

Identity Options in ASA

Does this user richard exist under sulu? This ID is an admin ID?

Follow this link and configure every step as I mentioned and let us know if you run into any issues.

https://supportforums.cisco.com/docs/DOC-20366/

-Kurel
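
Added example, not part of the original thread and not Cisco code: the debug output in the question shows a search from the domain root at scope ONE LEVEL, and this sketch parses that block and applies LDAP scope rules to a constructed directory to show which entries such a search can reach. The directory layout (richard under CN=Users), the function names and the BASE/SUBTREE labels are assumptions; on the ASA the scope is set with `ldap-scope` in the aaa-server host configuration.

```python
import re

# Excerpt of the ASA debug output quoted in the question.
ASA_DEBUG = """\
[3622] LDAP Search:
        Base DN = [DC=sulu, DC=local]
        Filter  = [sAMAccountName=richard]
        Scope   = [ONE LEVEL]
[3622] User richard not found
"""

# Constructed directory (assumption): DN -> sAMAccountName, account in CN=Users.
DIRECTORY = {
    "CN=Users,DC=sulu,DC=local": None,
    "CN=richard,CN=Users,DC=sulu,DC=local": "richard",
}

def parse_search(debug_text):
    """Extract Base DN, Filter and Scope from an 'LDAP Search:' debug block."""
    found = dict(re.findall(r"^\s*(Base DN|Filter|Scope)\s*=\s*\[(.*?)\]",
                            debug_text, re.M))
    attr, _, value = found["Filter"].partition("=")
    return {"base": found["Base DN"], "attr": attr,
            "value": value, "scope": found["Scope"]}

def rdns(dn):
    """Split a DN into normalised RDNs (sample data has no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",")]

def in_scope(entry_dn, base_dn, scope):
    """LDAP scope rules: BASE = the base entry, ONE LEVEL = direct children,
    SUBTREE = base and all descendants. BASE/SUBTREE are this example's labels."""
    entry, base = rdns(entry_dn), rdns(base_dn)
    depth = len(entry) - len(base)
    if depth < 0 or entry[depth:] != base:
        return False
    return {"BASE": depth == 0, "ONE LEVEL": depth == 1, "SUBTREE": True}[scope]

def search(query, scope=None):
    """Return DNs matching the sAMAccountName filter under the given scope."""
    scope = scope or query["scope"]
    return [dn for dn, sam in DIRECTORY.items()
            if sam and sam.lower() == query["value"].lower()
            and in_scope(dn, query["base"], scope)]

if __name__ == "__main__":
    q = parse_search(ASA_DEBUG)
    print("as logged:", search(q))
    print("subtree:  ", search(q, "SUBTREE"))
```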
