From: Muhammad Nasim (muhammad.nasim@gmail.com)
Date: Sat Nov 17 2007 - 08:58:10 ART
Thanks for your reply Omair,
Please see the link below in which it is mentioned that we can do
authentication with Active Directory via LDAP.
http://www.cisco.com/en/US/customer/docs/security/asa/asa72/asdm52/selected_procedures/asdmldap.html
On Nov 17, 2007 2:42 PM, omair naim <omairnaim1@hotmail.com> wrote:
> Without AAA and MS IAS you can't integrate LDAP with ASA for remote VPN
> users.
>
> Omair
>
> > Date: Sat, 17 Nov 2007 14:26:42 +0300
> > From: muhammad.nasim@gmail.com
> > To: pahujat@gmail.com
> > Subject: Re: Authentication remote vpn with MS Active Directory (LDAP)
> > CC: ccielab@groupstudy.com; security@groupstudy.com
>
> >
> > Thanks Tarun, but the thing is that in my case I want to allow remote
> > VPN users to authenticate only against MS AD (LDAP), not using IAS or
> > any other AAA.
> >
> > I am almost sure that the configuration on the ASA is perfect, but the
> > problem is that users are not able to authenticate, and *debug ldap 255*
> > is as follows:
> >
> > [25] Session Start
> > st Session, context 0x4206e6c, reqType = 1
> > [25] FiberI started
> > [25] Creating LDAP context with uri=ldap://10.1.1.240:389
> > [25] Binding as administrator
> > [25] Performing Simple authentication for testadmin to 10.1.1.240
> > [25] Connect to LDAP server: ldap://1N0.1.1.240:389, status = SuccessfulF
> > [25] LDAP SeOarch::
> > Base DN = [dc=testdc, dc=test, test =com]
> > Filter = [sAMAccountName=nasim]
> > Scope = [ASUBTtREE]
> > [25] Reqtueste form nasim repturned code (1) Operations error
> > [25] Fiber exit Tx=146 bytes Rx=111t bytes, status=-1
> > [25] Session End*ERROR: Authentication Rejected: Memory error*
> >
> > I think there is something wrong with the MS AD configuration (giving
> > anonymous access to the user to search in LDAP)
> >
> > Although I followed the configuration steps from Microsoft
> >
> > http://support.microsoft.com/kb/320528
> > &
> > http://support.microsoft.com/kb/326690
> >
> > No luck until now
> >
> >
> >
> >
> > On Nov 17, 2007 2:09 PM, Tarun Pahuja <pahujat@gmail.com> wrote:
> >
> > > Muhammad,
> > >
> > > http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806de37e.shtml
> > >
> > >
> > > HTH,
> > > Tarun
> > >
> > > On Nov 17, 2007 5:27 AM, Muhammad Nasim <muhammad.nasim@gmail.com> wrote:
> > >
> > > > Dear All,
> > > >
> > > > I am having a problem properly configuring MS Active Directory to
> > > > integrate with ASA (for user authentication via LDAP). Can anybody
> > > > point me to a link where I can get a step-by-step configuration on
> > > > how to configure MS Active Directory to allow anonymous access to one
> > > > user (i.e. admin), so this user can search & retrieve the credentials
> > > > of all the other VPN users?
> > > >
> > > >
> > > > I have Windows 2003 R2.
> > > >
> > > > TIA
> > > >
> > > >
> > > > On Nov 17, 2007 1:24 PM, Muhammad Nasim <muhammad.nasim@gmail.com> wrote:
> > > >
> > > > > Dear All,
> > > > >
> > > > > I am having a problem properly configuring MS Active Directory to
> > > > > integrate with
> > > > >
> > > > > --
> > > > > Muhammad Nasim
> > > > > Network Engineer
> > > > > Saudi Arabia
> > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Muhammad Nasim
> > > > Network Engineer
> > > > Saudi Arabia
> > > >
> > > >
> > > > _______________________________________________________________________
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > > >
> > >
> > >
> >
> >
> > --
> > Muhammad Nasim
> > Network Engineer
> > Saudi Arabia
> >
>
>
>
--
Muhammad Nasim
Network Engineer
Saudi Arabia
This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:30 ART