RE: Authentication remote vpn with MS Active Directory (LDAP)

From: omair naim (omairnaim1@hotmail.com)
Date: Sat Nov 17 2007 - 08:42:47 ART


Without AAA and MS IAS you can't integrate LDAP with ASA for remote VPN users.

Omair

> Date: Sat, 17 Nov 2007 14:26:42 +0300
> From: muhammad.nasim@gmail.com
> To: pahujat@gmail.com
> Subject: Re: Authentication remote vpn with MS Active Directory (LDAP)
> CC: ccielab@groupstudy.com; security@groupstudy.com
>
> Thanks Tarun, but the thing is that in my case I want to allow remote
> VPN users to authenticate only against MS AD (LDAP), not using IAS or
> any other AAA.
>
> I am almost sure that the configuration on the ASA is perfect, but the
> problem is that users are not able to authenticate, and *debug ldap 255*
> is as follows:
>
> [25] Session Start
> st Session, context 0x4206e6c, reqType = 1
> [25] FiberI started
> [25] Creating LDAP context with uri=ldap://10.1.1.240:389
> [25] Binding as administrator
> [25] Performing Simple authentication for testadmin to 10.1.1.240
> [25] Connect to LDAP server: ldap://1N0.1.1.240:389, status = SuccessfulF
> [25] LDAP SeOarch::
> Base DN = [dc=testdc, dc=test, test =com]
> Filter = [sAMAccountName=nasim]
> Scope = [ASUBTtREE]
> [25] Reqtueste form nasim repturned code (1) Operations error
> [25] Fiber exit Tx=146 bytes Rx=111t bytes, status=-1
> [25] Session End
> *ERROR: Authentication Rejected: Memory error*
>
> I think there is something wrong with the MS AD configuration (giving
> anonymous access to the user to search in LDAP).
>
> Although I followed the configuration steps from Microsoft
>
> http://support.microsoft.com/kb/320528
> &
> http://support.microsoft.com/kb/326690
>
> No luck until now.
>
> On Nov 17, 2007 2:09 PM, Tarun Pahuja <pahujat@gmail.com> wrote:
>
> > Muhammad,
> >
> > http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806de37e.shtml
> >
> > HTH,
> > Tarun
> >
> > On Nov 17, 2007 5:27 AM, Muhammad Nasim <muhammad.nasim@gmail.com> wrote:
> >
> > > Dear All,
> > >
> > > I am having a problem properly configuring MS Active Directory to
> > > integrate with ASA (for user authentication via LDAP). Can anybody
> > > point me to the link from where I can get a step-by-step configuration
> > > on how to configure MS Active Directory to allow anonymous access to
> > > one user (i.e. admin), so this user can search & retrieve the
> > > credentials of all the other VPN users.
> > >
> > > I have Windows 2003 R2.
> > >
> > > TIA
> > >
> > > On Nov 17, 2007 1:24 PM, Muhammad Nasim <muhammad.nasim@gmail.com> wrote:
> > >
> > > > Dear All,
> > > >
> > > > I am having problem to properly configure MS active Directory to
> > > > integrate with
> > > >
> > > > --
> > > > Muhammad Nasim
> > > > Network Engineer
> > > > Saudi Arabia
> > >
> > > --
> > > Muhammad Nasim
> > > Network Engineer
> > > Saudi Arabia



This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:30 ART