Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Clean Access Manager Lite with LDAP

Hi, I am currently trying to seutp LDAP authentication for my Clean Access Agents but having some difficulty on the AD Side. Using an administrators credentials, I have added the Auth Server and using the same credentials I can do the Auth Test on this AD Server. If I try to do the Auth Test with a regular user however, it fails with a naming Error. The Userid I am testing with has an underscore as part of the name, has this ever been known to cause problems with AD? I have no experience with ldap so relying on our server guys to provide the information.


Re: Clean Access Manager Lite with LDAP

These problems usually come down to ports not being open on the clean access server that the workstation is attempting to use while loading the profile. So, make sure the following ports are open:

For each domain controller open the following ports:

TCP 88

TCP 135

TCP 389

TCP 445

TCP 1025

TCP 1026

UDP 88

UDP 389

UDP 636

Icmp to all domain controllers in the infrastructure NTP to all domain controllers

New Member

Re: Clean Access Manager Lite with LDAP

Hi Sam, Thanks for the reply. There is no firewall between the Manager and the Domain Controllers. Is there any specific level of access needed other than domain users, to be able to authenticate against ldap? I got our server guy to authenticate successfully with a domain admin ID and a slightly lower level of authorization ID, however my ID and my colleague's ID which are regular Domain Users only, cannot authenticate. I have done single finger typing of password also to make sure it is not Large Thumb Syndrome :)