AAA acs 4.1 to generic ldap

bigbrother74
Level 1

Hi there

We've installed ACS 4.1 to use it for network access authentication (switches, routers) via Radius (IETF).

I set up ACS with generic ldap to verify users from MS Active Directory.

Everything works well :-)

But how do I configure ldaps under Cisco ACS?

Thanx for help


Hi jgambhir

I have already configured acs to use generic ldap to verify users from ms active directory successfully.

It works well with normal ldap. But I want to use ldaps over port 636 between acs and active directory server.

In the section of "Generic LDAP" -> "Primary LDAP Server" I set the port to 636 and I marked "Use Secure Authentication".

But this does not work. I don't know why, because I can simply connect with an ldap client to the AD Server over ldaps and port 636, but not from acs ????

What could be the reason?

I installed the intermediate certificate in Windows 2003 Server successfully...

Any help is appreciated

bb

Hi BB,

Please ensure the cert is installed correctly. Did you generate the cert7.db file?

How to generate the "cert7.db" file:

1. Setup the LDAP with a certificate.

2. Install Netscape 4.x (this creates the cert7.db file, which is just a database of certs)

3. Browse to https://servername:636 with the netscape browser.

4. Install the certificate selecting the option "accept this certificate forever"

5. Copy the cert7.db file to another directory (like the ACS folder)

The default location of the cert7.db file is C:\Program Files\Netscape\Users\default

6. Now just enter the path to the cert7.db file in the "Certificate DB Path" field in the configuration for your LDAP DB in ACS.

Also let me know if you are using acs windows or acs appliance as we might need to look at the detailed logs.

Regards,

~JG

@ jgambhir

Hi

I installed ACS on Win 2003 Server. I use "generic ldap" to connect to ms active directory. This works perfectly but ldap over ssl (ldaps) does not. See the attachment.

I installed the intermediate certificate correctly but it does not work anyway.

There is no firewall rule that is causing any problem.

What could be the problem?

Thanx for help

bb
