Cisco ASA 5580 Adaptive Security Appliance Technical Manual

DC=ftwsecurity,DC=cisco,DC=com
[106]   memberOf: value = CN=Contractors,CN=Users,DC=ftwsecurity,DC=cisco,DC=com
[106]           mapped to IETF-Radius-Class: value = ExamplePolicy2
[106]   uSNChanged: value = 20499
[106]   name: value = Ben Linus
[106]   objectGUID: value = ..j...5@.z.|...n
[106]   userAccountControl: value = 66048
[106]   badPwdCount: value = 0
[106]   codePage: value = 0
[106]   countryCode: value = 0
[106]   badPasswordTime: value = 0
[106]   lastLogoff: value = 0
[106]   lastLogon: value = 0
[106]   pwdLastSet: value = 128316677201718750
[106]   primaryGroupID: value = 513
[106]   objectSid: value = ............Q..p..*.p?E.^...
[106]   accountExpires: value = 9223372036854775807
[106]   logonCount: value = 0
[106]   sAMAccountName: value = ben
[106]   sAMAccountType: value = 805306368
[106]   userPrincipalName: value = ben@ftwsecurity.cisco.com
[106]   objectCategory: value = CN=Person,CN=Schema,CN=Configuration,
   DC=ftwsecurity,DC=cisco,DC=com
[106]   dSCorePropagationData: value = 20070815195243.0Z
[106]   dSCorePropagationData: value = 20070815195243.0Z
[106]   dSCorePropagationData: value = 20070815195243.0Z
[106]   dSCorePropagationData: value = 16010108151056.0Z
[106] Fiber exit Tx=680 bytes Rx=2642 bytes, status=1
[106] Session End
Troubleshoot
Use this section in order to troubleshoot your configuration.
Attribute Names and Values are Case-Sensitive
Attribute names and values are case-sensitive. If your mapping does not occur properly, be certain
that you use the correct spelling and capitalization in your LDAP attribute map for both the Cisco
and LDAP attribute names and values.
ASA is Not Able to Authenticate Users from the LDAP Server
The ASA is not able to authenticate users from the LDAP server. Here are the debugs:
ldap 255 output:
[1555805] Session Start
[1555805] New request Session, context 0xcd66c028, reqType = 1
[1555805] Fiber started
[1555805] Creating LDAP context with uri=ldaps://172.30.74.70:636
[1555805] Connect to LDAP server: ldaps://172.30.74.70:636, status = Successful
[1555805] supportedLDAPVersion: value = 3
[1555805] supportedLDAPVersion: value = 2
[1555805] Binding as administrator
[1555805] Performing Simple authentication for sysservices to 172.30.74.70
[1555805] Simple authentication for sysservices returned code (49) Invalid credentials
[1555805] Failed to bind as administrator returned code (-1) Can't contact LDAP server
[1555805] Fiber exit Tx=222 bytes Rx=605 bytes, status=-2
[1555805] Session End
As the debugs show, the bind as administrator failed with code (49) Invalid credentials: either the
LDAP Login DN format or the password is incorrect. Verify both in order to resolve the issue.
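
The same triage as a script (an added example, not part of the Cisco document): it splits debug ldap 255 output into per-session messages, even when they are run together, and reports what to check. The sample input is constructed from the debug shown above (abridged), and the function names sessions and triage are assumptions of this example.

```python
import re

# Constructed input: the failing session from the debug above (abridged), run
# together on one line the way pasted terminal output often arrives.
SAMPLE = (
    "[1555805] Session Start[1555805] New request Session, context 0xcd66c028, "
    "reqType = 1[1555805] Fiber started[1555805] Creating LDAP context with "
    "uri=ldaps://172.30.74.70:636[1555805] Connect to LDAP server: "
    "ldaps://172.30.74.70:636, status = Successful[1555805] Binding as administrator"
    "[1555805] Performing Simple authentication for sysservices to 172.30.74.70"
    "[1555805] Simple authentication for sysservices returned code (49) Invalid "
    "credentials[1555805] Failed to bind as administrator returned code (-1) "
    "Can't contact LDAP server[1555805] Fiber exit Tx=222 bytes Rx=605 bytes, "
    "status=-2[1555805] Session End"
)

RECORD = re.compile(r"\[(\d+)\]\s*(.*?)(?=\[\d+\]|\Z)", re.S)
CONNECT = re.compile(r"Connect to LDAP server: (\S+), status = (\w+)")
AUTH = re.compile(r"Simple authentication for (\S+) returned code \((-?\d+)\) (.+)")

def sessions(text):
    """Group debug messages by their [session id] prefix, keeping their order."""
    out = {}
    for sid, msg in RECORD.findall(text):
        out.setdefault(sid, []).append(" ".join(msg.split()))
    return out

def triage(msgs):
    """Summarise one session: connect status, bind result, and what to check."""
    r = {"server": None, "connected": False, "account": None, "code": None,
         "admin_failed": False}
    for m in msgs:
        if c := CONNECT.search(m):
            r["server"], r["connected"] = c.group(1), c.group(2) == "Successful"
        elif a := AUTH.search(m):
            r["account"], r["code"] = a.group(1), int(a.group(2))
        elif m.startswith("Failed to bind as administrator"):
            r["admin_failed"] = True
    if not r["connected"]:
        r["check"] = "connection to the LDAP server"
    elif r["admin_failed"] and r["code"] == 49:
        # The connect succeeded, so the server's own result (49) is the useful
        # code, not the (-1) on the "Failed to bind" line that follows it.
        r["check"] = "LDAP Login DN format and password"
    elif r["admin_failed"]:
        r["check"] = "administrator bind, LDAP result code %s" % r["code"]
    else:
        r["check"] = "nothing: no administrator bind failure in this session"
    return r
```

Calling triage(sessions(SAMPLE)["1555805"]) returns the server URI, the bind account and the LDAP result code alongside the item to check.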