LDAP Admin bind failed debugs
This is what the debug output looks like when the LDAP admin bind (the bind with the configured ldap-login-dn) fails:
ASA(host)# test aaa autho TEST host 192.168.1.4
Username: raj
INFO: Attempting Authorization test to IP address <192.168.1.4> (timeout: 12 seconds)
[-2147483640] Session Start
[-2147483640] New request Session, context 0x00002aaad5771be0, reqType = Other
[-2147483640] Fiber started
[-2147483640] Creating LDAP context with uri=ldap://192.168.1.4:389
[-2147483640] Connect to LDAP server: ldap://192.168.1.4:389, status = Successful
[-2147483640] supportedLDAPVersion: value = 3
[-2147483640] supportedLDAPVersion: value = 2
[-2147483640] Binding as aduser
[-2147483640] Performing Simple authentication for aduser to 192.168.1.4
[-2147483640] Simple authentication for aduser returned code (49) Invalid credentials
[-2147483640] Failed to bind as administrator returned code (-1) Can't contact LDAP server
[-2147483640] Fiber exit Tx=205 bytes Rx=723 bytes, status=-2
[-2147483640] Session End
ERROR: Authorization Server not responding: AAA Server has been removed
Remember: if the admin bind fails, the debugs clearly say "Failed to bind as administrator". The line to act on is the one just before it: LDAP result code 49 is invalidCredentials, so the server rejected the ldap-login-dn/ldap-login-password pair. The "(-1) Can't contact LDAP server" text on the next line is the ASA's internal status after it gives up, not a network problem, and the closing "Authorization Server not responding" error is only the summary of the failed test. Also note that this is a simple bind on port 389, so the ldap-login-password crosses the network in cleartext; before using the server group in production, configure ldap-over-ssl enable and server-port 636 under the aaa-server host.
Below was the configuration during this test:
aaa-server TEST (inside) host 192.168.1.4
ldap-base-dn DC=awesome,DC=ca
ldap-group-base-dn DC=awesome,DC=ca
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *******
ldap-login-dn "CN=aduser,CN=Users,DC=norseman,DC=ca"
server-type microsoft
ldap-attribute-map LDAP_memberOf
Note that the failing ldap-login-dn sits in DC=norseman,DC=ca while ldap-base-dn is DC=awesome,DC=ca. Active Directory also accepts the down-level logon name (domain\username) or a UPN as the simple-bind identity instead of a full DN, so I changed the ldap-login-dn to domain\username. The new configuration looks like:
aaa-server TEST (inside) host 192.168.1.4
ldap-base-dn DC=awesome,DC=ca
ldap-group-base-dn DC=awesome,DC=ca
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *******
ldap-login-dn awesome\aduser
server-type microsoft
ldap-attribute-map LDAP_memberOf
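As an added example (not part of the original post and not Cisco tooling), here is a small Python triage script covering both halves of the walkthrough above: it reads a test aaa-server transcript like the one shown, reports which stage failed and what the LDAP result code means, and runs two static checks on an aaa-server block: whether ldap-login-dn lives in a different domain than ldap-base-dn (the mismatch in the failing config above) and whether ldap-over-ssl is enabled. The transcript lines and config blocks are copied from this page as constructed samples; the stage names, function names and the "connect failed" sample line are my own.

```python
import re

# LDAP result codes (RFC 4511) most often seen in ASA bind debugs.
LDAP_RESULT_CODES = {
    0: "success",
    32: "noSuchObject",
    49: "invalidCredentials",
    52: "unavailable",
}

# Constructed sample: the failing transcript quoted on this page.
SAMPLE_DEBUG = """\
[-2147483640] Session Start
[-2147483640] Creating LDAP context with uri=ldap://192.168.1.4:389
[-2147483640] Connect to LDAP server: ldap://192.168.1.4:389, status = Successful
[-2147483640] supportedLDAPVersion: value = 3
[-2147483640] Binding as aduser
[-2147483640] Performing Simple authentication for aduser to 192.168.1.4
[-2147483640] Simple authentication for aduser returned code (49) Invalid credentials
[-2147483640] Failed to bind as administrator returned code (-1) Can't contact LDAP server
[-2147483640] Fiber exit Tx=205 bytes Rx=723 bytes, status=-2
[-2147483640] Session End
"""

# Constructed samples: the failing and the corrected aaa-server blocks from the page
# (raw strings, because the fixed login name contains a backslash).
BROKEN_CONFIG = r"""
aaa-server TEST (inside) host 192.168.1.4
 ldap-base-dn DC=awesome,DC=ca
 ldap-group-base-dn DC=awesome,DC=ca
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *******
 ldap-login-dn "CN=aduser,CN=Users,DC=norseman,DC=ca"
 server-type microsoft
"""
FIXED_CONFIG = r"""
aaa-server TEST (inside) host 192.168.1.4
 ldap-base-dn DC=awesome,DC=ca
 ldap-login-password *******
 ldap-login-dn awesome\aduser
 server-type microsoft
"""

CONNECT_RE = re.compile(r"Connect to LDAP server: \S+, status = (\S+)")
BIND_RE = re.compile(r"Simple authentication for (\S+) returned code \((\d+)\)")


def classify_debug(text):
    """Return (stage, ldap_code) for one 'test aaa-server' transcript.

    stage: 'connect'     the LDAP connection never came up
           'admin_bind'  the ldap-login-dn bind was rejected
           'user_bind'   a later bind (the end user) was rejected
           'no_failure'  every bind in the transcript returned 0
    """
    m = CONNECT_RE.search(text)
    if m and m.group(1) != "Successful":
        return ("connect", None)
    binds = [(user, int(code)) for user, code in BIND_RE.findall(text)]
    if "Failed to bind as administrator" in text:
        # The LDAP code that matters is on the preceding 'Simple authentication'
        # line; the '(-1)' on the 'Failed to bind' line is ASA's internal status.
        return ("admin_bind", binds[0][1] if binds else None)
    for _user, code in binds:
        if code != 0:
            return ("user_bind", code)
    return ("no_failure", None)


def describe(code):
    """Human-readable name for an LDAP result code."""
    return LDAP_RESULT_CODES.get(code, "unknown(%s)" % code)


def dc_domain(dn):
    """DNS domain implied by the DC= components of a DN, or None if there are none."""
    parts = re.findall(r"(?i)\bDC=([^,]+)", dn)
    return ".".join(p.strip().lower() for p in parts) or None


def audit_config(text):
    """Static checks on one aaa-server host block; returns a list of finding strings."""
    def attr(name):
        m = re.search(r"(?m)^\s*%s\s+(.+?)\s*$" % re.escape(name), text)
        return m.group(1).strip('"') if m else None

    findings = []
    login_dn, base_dn = attr("ldap-login-dn"), attr("ldap-base-dn")
    if login_dn and base_dn:
        ldom, bdom = dc_domain(login_dn), dc_domain(base_dn)
        # A bind DN in a different domain than the search base is the mistake on
        # this page. A domain\user or user@domain login name has no DC= parts and
        # cannot be checked statically, so it is skipped.
        if ldom and bdom and ldom != bdom:
            findings.append("login_dn_domain_mismatch: %s vs %s" % (ldom, bdom))
    # A simple bind sends ldap-login-password in cleartext unless LDAPS is on.
    if not re.search(r"(?m)^\s*ldap-over-ssl enable\b", text):
        findings.append("plaintext_simple_bind")
    return findings


if __name__ == "__main__":
    stage, code = classify_debug(SAMPLE_DEBUG)
    print("debug: stage=%s code=%s (%s)" % (stage, code, describe(code)))
    print("broken config:", audit_config(BROKEN_CONFIG))
    print("fixed config: ", audit_config(FIXED_CONFIG))
```

Paste the real transcript from the ASA into SAMPLE_DEBUG (or read it from a file) and the aaa-server block into the config strings; the fixed configuration still yields the plaintext_simple_bind finding because nothing on this page enables LDAPS.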
1 comment:
Thanks, this helped me today!