From: Muhammad Nasim (muhammad.nasim@gmail.com)
Date: Sat Nov 17 2007 - 08:26:42 ART
Thanks Tarun, but the thing is that in my case I want to allow remote
VPN users to authenticate only against MS AD (LDAP), not using IAS or
any other AAA.
I am almost sure that the configuration on the ASA is perfect, but the
problem is that users are not able to authenticate, and the output of
debug ldap 255 is as follows:
[25] Session Start
st Session, context 0x4206e6c, reqType = 1
[25] Fiber started
[25] Creating LDAP context with uri=ldap://10.1.1.240:389
[25] Binding as administrator
[25] Performing Simple authentication for testadmin to 10.1.1.240
[25] Connect to LDAP server: ldap://10.1.1.240:389, status = Successful
[25] LDAP Search:
Base DN = [dc=testdc, dc=test, test =com]
Filter = [sAMAccountName=nasim]
Scope = [SUBTREE]
[25] Request for nasim returned code (1) Operations error
[25] Fiber exit Tx=146 bytes Rx=111 bytes, status=-1
[25] Session End
ERROR: Authentication Rejected: Memory error
I think there is something wrong with the MS AD configuration (giving
anonymous access to the user to search in LDAP),
although I followed the configuration steps from Microsoft:
http://support.microsoft.com/kb/320528
and
http://support.microsoft.com/kb/326690
No luck until now.
On Nov 17, 2007 2:09 PM, Tarun Pahuja <pahujat@gmail.com> wrote:
> Muhammad,
> http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806de37e.shtml
>
>
> HTH,
> Tarun
>
> On Nov 17, 2007 5:27 AM, Muhammad Nasim <muhammad.nasim@gmail.com> wrote:
>
> > Dear All,
> >
> > I am having a problem properly configuring MS Active Directory to
> > integrate with ASA (for user authentication via LDAP). Can anybody
> > point me to the link from where I can get step-by-step configuration
> > on how to configure MS Active Directory to allow anonymous access to
> > one user (i.e. admin), so this user can search & retrieve the
> > credentials of all the other VPN users?
> >
> >
> > I have windows 2003 R2.
> >
> > TIA
> >
> >
> > On Nov 17, 2007 1:24 PM, Muhammad Nasim <muhammad.nasim@gmail.com>
> > wrote:
> >
> > > Dear All,
> > >
> > > I am having a problem properly configuring MS Active Directory to
> > > integrate with
> > >
> > > --
> > > Muhammad Nasim
> > > Network Engineer
> > > Saudi Arabia
> >
> >
> >
> >
> > --
> > Muhammad Nasim
> > Network Engineer
> > Saudi Arabia
> >
> >
>
>
--
Muhammad Nasim
Network Engineer
Saudi Arabia
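Added example, not part of the original thread: a small Python parser for an ASA `debug ldap` session like the one posted above, reporting whether the non-zero LDAP result code was returned during the bind or during the search. The names `summarize`, `FIELDS` and `RESULT`, and the sample trace (the posted trace with stray console characters removed), are assumptions made for this example.

```python
import re

# Constructed sample: the trace from the post, with stray console characters removed.
SAMPLE = """\
[25] Session Start
[25] Creating LDAP context with uri=ldap://10.1.1.240:389
[25] Binding as administrator
[25] Performing Simple authentication for testadmin to 10.1.1.240
[25] Connect to LDAP server: ldap://10.1.1.240:389, status = Successful
[25] LDAP Search:
Base DN = [dc=testdc, dc=test, test =com]
Filter = [sAMAccountName=nasim]
Scope = [SUBTREE]
[25] Request for nasim returned code (1) Operations error
[25] Fiber exit Tx=146 bytes Rx=111 bytes, status=-1
[25] Session End
"""

# One regex per field we want to lift out of the trace.
FIELDS = {
    "uri": re.compile(r"Creating LDAP context with uri=(\S+)"),
    "bind_user": re.compile(r"Performing Simple authentication for (\S+) to"),
    "connect": re.compile(r"Connect to LDAP server: \S+ status = (\w+)"),
    "base_dn": re.compile(r"Base DN\s*=\s*\[(.*)\]"),
    "filter": re.compile(r"Filter\s*=\s*\[(.*)\]"),
    "scope": re.compile(r"Scope\s*=\s*\[(.*)\]"),
}
# Any line of the form "... for <name> returned code (<n>) <text>".
RESULT = re.compile(r"for (\S+) returned code \((\d+)\) (.+)")

def summarize(trace):
    """Return the fields of one debug session plus the stage that failed."""
    info = {"stage": "bind", "failed_stage": None}
    for line in trace.splitlines():
        if "LDAP Search" in line:
            info["stage"] = "search"  # result codes after this belong to the search
        for key, rx in FIELDS.items():
            m = rx.search(line)
            if m:
                info[key] = m.group(1)
        m = RESULT.search(line)
        if m:
            info["result_code"] = int(m.group(2))  # LDAP resultCode; 1 = operationsError
            info["result_text"] = m.group(3).strip()
            if info["result_code"] != 0:
                info["failed_stage"] = info["stage"]
    return info

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key:13} {value}")
```
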
This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:30 ART