Cisco Support Community

New Member

VPN client authentication against Active Directory

Hi,

I want to authenticate VPN clients against Active Directory on Windows Server 2008. If I got it right, I can do LDAP authentication only via PAP (which sends a plain-text password). Is this a limitation of Cisco ASA or of LDAP itself? Would you suggest using RADIUS instead?

Thank you!

Petar Koraca

2 REPLIES
Cisco Employee

VPN client authentication against Active Directory

Petar,

ASA can talk to AD via LDAP over SSL, as far as security goes ;-)

RADIUS is neat for network usage, but typically in a big organization one would have one centralized user database; more often than not it's an AD ;-)

The benefit of RADIUS over AD is the easy push of additional attributes.

Marcin
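
An added example (not from the thread, and not the attached configuration, which is not shown on this page) of the ASA side of the LDAP over SSL setup Marcin mentions. The server group name, tunnel group name, address, DNs and password are placeholders; the domain controller is assumed to have a certificate installed so it can accept LDAPS.

```cisco
! Placeholder names and addresses throughout; adjust to your environment.
aaa-server AD_LDAP protocol ldap
aaa-server AD_LDAP (inside) host 192.0.2.10
 server-type microsoft
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ! Account the ASA binds with to search the directory
 ldap-login-dn CN=asa-bind,OU=Service Accounts,DC=example,DC=com
 ldap-login-password <bind-account-password>
 ! Without the next line the bind DN and user passwords cross the
 ! ASA-to-DC link unencrypted on TCP 389
 ldap-over-ssl enable
 server-port 636
!
tunnel-group VPN_USERS general-attributes
 authentication-server-group AD_LDAP
```

The group can be checked from the ASA before any VPN client connects with `test aaa-server authentication AD_LDAP host 192.0.2.10`, which prompts for a username and password.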

New Member

Re: VPN client authentication against Active Directory

Thanks!

However, I tried the configuration with LDAP and I get the following errors (debug ldap 255):

[25] Session Start

[25] New request Session, context 0xcb542fa0, reqType = Authentication

[25] Fiber started

[25] Failed: The username or password is blank

[25] Fiber exit Tx=0 bytes Rx=0 bytes, status=-3

[25] Session End

Configuration is in attachment.

I'll try RADIUS tomorrow, but it would be nice to have both solutions.

Cheers,

Petar Koraca
