Re: Authentication remote vpn with MS Active Directory (LDAP)

From: Muhammad Nasim (muhammad.nasim@gmail.com)
Date: Sat Nov 17 2007 - 11:54:57 ART


On Nov 17, 2007 2:58 PM, Muhammad Nasim <muhammad.nasim@gmail.com> wrote:

> Thanks for your reply Omair,
>
> Please see the link below in which it is mentioned that we can do
> authentication with Active Directory via LDAP.
>
>
> http://www.cisco.com/en/US/customer/docs/security/asa/asa72/asdm52/selected_procedures/asdmldap.html
>
> Guys it was my mistake as I was pointing to the wrong container of the
> Forest in the AD.
>

Problem solved : 0

>
>
>
> On Nov 17, 2007 2:42 PM, omair naim < omairnaim1@hotmail.com> wrote:
>
> > Without AAA and MS IAS you can't integrate LDAP with ASA for remote vpn
> > users.
> >
> > Omair
> >
> > > Date: Sat, 17 Nov 2007 14:26:42 +0300
> > > From: muhammad.nasim@gmail.com
> > > To: pahujat@gmail.com
> > > Subject: Re: Authentication remote vpn with MS Active Directory (LDAP)
> > > CC: ccielab@groupstudy.com; security@groupstudy.com
> >
> > >
> > > Thanks Tarun, but the thing is that in my case I want to allow remote
> > > VPN users to authenticate only against MS AD (LDAP), not using IAS or
> > > any other AAA.
> > >
> > > I am almost sure that the configuration on the ASA is perfect, but the
> > > problem is that users are not able to authenticate, and *debug ldap 255*
> > > is as follows:
> > >
> > > [25] Session Start
> > > st Session, context 0x4206e6c, reqType = 1
> > > [25] Fiber started
> > > [25] Creating LDAP context with uri=ldap://10.1.1.240:389
> > > [25] Binding as administrator
> > > [25] Performing Simple authentication for testadmin to 10.1.1.240
> > > [25] Connect to LDAP server: ldap://10.1.1.240:389, status = Successful
> > > [25] LDAP Search:
> > > Base DN = [dc=testdc, dc=test, test =com]
> > > Filter = [sAMAccountName=nasim]
> > > Scope = [SUBTREE]
> > > [25] Request for nasim returned code (1) Operations error
> > > [25] Fiber exit Tx=146 bytes Rx=111 bytes, status=-1
> > > [25] Session End
> > > *ERROR: Authentication Rejected: Memory error*
> > >
> > > I think there is something wrong with the MS AD configuration (giving
> > > anonymous access to the user to search in LDAP)
> > >
> > > Although I followed the configuration steps from Microsoft
> > >
> > > http://support.microsoft.com/kb/320528
> > > &
> > > http://support.microsoft.com/kb/326690
> > >
> > > No luck until now
> > >
> > >
> > >
> > >
> > > On Nov 17, 2007 2:09 PM, Tarun Pahuja <pahujat@gmail.com> wrote:
> > >
> > > > Muhammad,
> > > > http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806de37e.shtml
> >
> > > >
> > > >
> > > > HTH,
> > > > Tarun
> > > >
> > > > On Nov 17, 2007 5:27 AM, Muhammad Nasim <muhammad.nasim@gmail.com> wrote:
> > > >
> > > > > Dear All,
> > > > >
> > > > > I am having a problem properly configuring MS Active Directory to
> > > > > integrate with ASA (for user authentication via LDAP). Can anybody
> > > > > point me to the link from where I can get step by step configuration
> > > > > on how to configure MS Active Directory to allow anonymous access to
> > > > > one user (i.e. admin), so this user can search & retrieve the
> > > > > credentials of all the other VPN users?
> > > > >
> > > > >
> > > > > I have Windows 2003 R2.
> > > > >
> > > > > TIA
> > > > >
> > > > >
> > > > > On Nov 17, 2007 1:24 PM, Muhammad Nasim <muhammad.nasim@gmail.com> wrote:
> > > > >
> > > > > > Dear All,
> > > > > >
> > > > > > I am having problem to properly configure MS active Directory to
> > > > > integrate
> > > > > > with
> > > > > >
> > > > > > --
> > > > > > Muhammad Nasim
> > > > > > Network Engineer
> > > > > > Saudi Arabia
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Muhammad Nasim
> > > > > Network Engineer
> > > > > Saudi Arabia
> > > > >
> > > > >
> > _______________________________________________________________________
> > > > > Subscription information may be found at:
> > > > > http://www.groupstudy.com/list/CCIELab.html
> > > > >
> > > >
> > > >
> > >
> > >
> > > --
> > > Muhammad Nasim
> > > Network Engineer
> > > Saudi Arabia
> > >
> > >
> >
> >
> >
>
>
>
> --
>
> Muhammad Nasim
> Network Engineer
> Saudi Arabia
>

-- 
Muhammad Nasim
Network Engineer
Saudi Arabia
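
The thread's fix was a corrected search base (the wrong container had been configured). As an added example, not part of the original messages, this Python sketch parses a `debug ldap 255` style trace, names the LDAP result code, and checks the Base DN against a forest root. The trace is constructed from the one quoted above; the forest root `dc=testdc,dc=test,dc=com` and all function names are assumptions.

```python
import re

# LDAP result codes (RFC 4511) that commonly appear in this kind of trace.
RESULT_CODES = {0: "success", 1: "operationsError", 10: "referral",
                32: "noSuchObject", 49: "invalidCredentials"}

# Constructed sample modelled on the trace quoted in the thread.
SAMPLE_TRACE = """\
[25] Creating LDAP context with uri=ldap://10.1.1.240:389
[25] Performing Simple authentication for testadmin to 10.1.1.240
[25] LDAP Search:
        Base DN = [dc=testdc, dc=test, test =com]
        Filter  = [sAMAccountName=nasim]
        Scope   = [SUBTREE]
[25] Request for nasim returned code (1) Operations error
"""

def parse_trace(text):
    """Extract server URI, search parameters and LDAP result code."""
    def field(name):
        m = re.search(rf"{name}\s*=\s*\[(.*?)\]", text)
        return m.group(1).strip() if m else None
    code = re.search(r"returned code \((\d+)\)", text)
    uri = re.search(r"uri=(\S+)", text)
    return {"uri": uri.group(1) if uri else None,
            "base_dn": field("Base DN"), "filter": field("Filter"),
            "scope": field("Scope"), "code": int(code.group(1)) if code else None}

def _rdns(dn):
    # Naive split: assumes no escaped commas inside RDN values.
    return [r.strip().lower().replace(" ", "") for r in dn.split(",")]

def check_base_dn(base_dn, forest_dn):
    """List problems with the search base relative to the assumed forest root."""
    problems = [f"malformed RDN: {r.strip()!r}" for r in base_dn.split(",")
                if not re.fullmatch(r"(?i)(dc|ou|cn|o)=[^=,+]+", r.strip())]
    root = _rdns(forest_dn)
    if _rdns(base_dn)[-len(root):] != root:
        problems.append(f"base DN is not under {forest_dn}")
    return problems

def diagnose(text, forest_dn):
    t = parse_trace(text)
    t["result"] = RESULT_CODES.get(t["code"], "unknown")
    # A simple bind over ldap:// sends the bind password unencrypted.
    t["cleartext_bind"] = bool(t["uri"]) and t["uri"].startswith("ldap://")
    t["problems"] = (check_base_dn(t["base_dn"], forest_dn)
                     if t["base_dn"] else ["no Base DN found in trace"])
    return t
```

Calling `diagnose(SAMPLE_TRACE, "dc=testdc,dc=test,dc=com")` reports `operationsError`, flags the cleartext simple bind, and lists both Base DN problems.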


This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:30 ART