In this environment, secured communication with the directory server is required. There is also a load balancer involved when communicating with Active Directory servers, so using Kerberos with Active Directory fails when pointing to AD through the load balancer. It works fine when we bypass the load balancer. The search filter used is able to pull all the desired users from a specific group I've set up.
Example that works when using AD with or w/o Kerberos Authentications:
They simply need to be able to use LDAP over SSL. Since LDAP with SSL works through the load balancer, and we know the load balancer breaks AD Kerberos but does not break unsecure AD, the only option for them is to use LDAP with SSL. This achieves the secure connection to AD through the load balancer. The only thing I need to figure out is the proper search string configuration to pull the users as stated above.
When using unsecure LDAP and grabbing the packets, I see the LDAP queries going to the DC and the DC returning a response. But no user information is contained, only 0 matches. So any help with the TMS configuration of LDAP will help immensely. This is mocked up in my lab for easy comparison.