Cisco
300-730 · Question #198
300-730 Question #198: Real Exam Question with Answer & Explanation
The correct answer is D: Correct the login distinguished name or login password under the aaa-server configuration. Cisco ASA LDAP authentication to Active Directory fails when the aaa-server bind credentials (login DN or password) are incorrectly configured.
Troubleshooting VPNs
Question
A network administrator is setting up a Cisco ASA to authenticate clientless SSLVPN users using an internal Microsoft Active Directory server. When the configuration is complete and the administrator attempts to connect to the clientless SSLVPN, authentication fails. Which action resolves the issue?
Options
- A. Add the user account the administrator is attempting to log in with to the database.
- B. The administrator must use the correct password for the user account they are attempting to log in with.
- C. Configure the ASA to connect to the LDAP port being listened to on the Microsoft Active Directory server.
- D. Correct the login distinguished name or login password under the aaa-server configuration.
Explanation
Cisco ASA LDAP authentication to Active Directory fails when the aaa-server bind credentials (login DN or password) are incorrectly configured.
Common mistakes.
- A. Adding a user to the local ASA database only affects local authentication, not LDAP-based Active Directory authentication.
- B. Using the correct end-user password does not resolve a server-side bind failure caused by misconfigured aaa-server credentials.
- C. The LDAP port is a connection parameter, not an authentication credential; a port misconfiguration typically produces a connection error, not an authentication failure after configuration is complete.
Concept tested. Cisco ASA AAA server LDAP bind configuration
Topics
#clientless SSL VPN #LDAP #Active Directory #aaa-server