Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

CSM 4.5 Identity Settings (AD Agent) problems

I wonder if anyone can help me with this problem.

I am trying to configure the AD lookup agent onto my firewall estate (too many users insist on moving who have firewall rules set by IP address).

On a test firewall I have the agent working perfectly doing the lookups on the AD domain for the usernames and then using the agent to match IP addresses and usernames together.

So the firewall is working as expected.

However the Cisco Security Manager (v4.5) side is another matter...

The firewall has been imported in and the AD-Server-group and AAA-Server records have imported correctly.

However when I go to configure CSM to use the options we have a problem.

I have gone into Cisco Security Manager - Administration

Then down to identity settings.

I have added an AD server group using the domain INSURANCE (same as the agent is configured on the firewall) and using the same object as the firewall.

The default domain has been set as INSURANCE

Route query is via CSM Client (however the changing this to server doesn't make any difference)settings.png

All looks fine here, however clicking selecting the entry in the table and clicking test brings the following error message up.

message.PNG

I have run a wireshark on my machine and I can see an LDAP request going via my machine, however this contains the AD login, and bizzarely the login password (even though it is an SSL connection, but no more data.

We didn't change any settings on the domain controller, and the same account works on the firewall.

Does anyone have any suggestions please?

Thanks in advance

Giles Cooper

589
Views
0
Helpful
0
Replies
CreatePlease to create content