Channel: Directory Services forum

Simple LDAP in Windows Server 2012


Hi Guys

I have a Cisco ASA with a remote user VPN doing LDAP authentication against a Windows Server 2012 Domain Controller. I have set tonnes of these up without any problems when connecting to a Windows Server 2008 DC, and have not had to change much on the server - just ensure that there is an account that the ASA can use to run LDAP queries against the DC.

On my new 2012 server, it looks like the authentication from the ASA is being rejected because it's trying to use simple LDAP authentication. Is this not allowed in Server 2012? I can see that the correct credentials are coming through on my Wireshark capture, but the server rejects them stating that they are invalid.

I know that the account works as I can log on from a domain-joined machine with the same credentials that the ASA uses. I have also ensured that the ASA account has the correct permissions. 

If simple LDAP binds are not allowed, and I cannot or should not enable them, should I use LDAP-over-SSL? This setup is for a small customer without a PKI infrastructure, so I'd have to install a root CA on the domain controller and use it to manage all of the certificates etc.

Otherwise, if anyone is able to point me in the right direction for setting up Kerberos (sasl-mechanism) with the ASA, then I will happily give that a go, but I haven't had much luck googling it so far.

Really appreciate any responses. Thanks for your time.

Jon

