Cisco Firepower Management Center 4000
FireSIGHT System User Guide, page 48-13
Chapter 48 Managing Users
Managing Authentication Objects
For example, to test whether the object can retrieve the credentials of the user JSmith at the Example company, type JSmith.
Step 14
Click Test to test the connection.
A message appears, either indicating that the test succeeded or detailing which settings are missing or need to be corrected. If the test succeeds, the test output appears at the bottom of the page, including a list of the users retrieved by the connection. If the number of users shown in the test output is limited by the number of user records your LDAP server returns, the test output indicates this limitation.
Step 15
You have two options:
  • If the test succeeds, click Save.
    The Login Authentication page appears, with the new object listed.
    Saving the object does not by itself enable it. To enable LDAP authentication using the object on an appliance, you must apply a system policy with that object enabled to the appliance. For more information, see .
  • If the test fails, or if you want to refine the list of users retrieved, continue with the next section, Tuning Your LDAP Authentication Connection.
Tuning Your LDAP Authentication Connection
License: Any
If you create an LDAP authentication object and it either fails to connect to the server you selected or does not retrieve the list of users you want, you can tune the settings in the object.
If the connection fails when you test it, try the following suggestions to troubleshoot your configuration:
  • Use the messages displayed at the top of the screen and in the test output to determine which areas of the object are causing the issue.
  • Check that the user name and password you used for the object are valid:
      – Check that the user has the rights to browse the directory indicated by your base distinguished name, by connecting to the LDAP server with a third-party LDAP browser (for example, ldapsearch). Read access to the search base is all the object needs; do not use a directory administrator account as the bind user.
      – Check that the user name is unique within the directory information tree of the LDAP server.
      – Check that the user name contains only underscores, periods, hyphens, and alphanumeric characters.
      – If you see LDAP bind error 49 (invalidCredentials) in the test output, the bind for the user failed. Try authenticating to the server through a third-party application to see whether the bind fails over that connection as well; if it does, the problem is the account or password, not the object.
  • Check that you have correctly identified the server:
      – Check that the server IP address or host name is correct.
      – Check that you have TCP/IP access from your local appliance to the authentication server to which you want to connect.
      – Check that access to the server is not blocked by a firewall and that the port you have configured in the object is open.
      – If you are using a certificate to connect via TLS or SSL, the host name in the certificate must match the host name used for the server. Configure the object with the host name that appears in the certificate rather than an IP address; a mismatch is the check that stops the appliance from sending the bind credentials to an impersonating server, so do not work around it by falling back to an unencrypted connection.
      – Check that you have not used an IPv6 address for the server connection if you are authenticating shell access.