Verifying the user account on a device

The following procedure verifies a user account on a device.

  1. Log in to the device as a user with admin privileges.
  2. Verify that the LDAP/AD server has an entry in the device LDAP server list.
    device# show running-config ldap-server
  3. In global configuration mode, set the login authentication mode on the device to use LDAP only and verify the change.
    device# configure terminal
    Entering configuration mode terminal
    device(config)# no aaa authentication login
    device(config)# aaa authentication login ldap
    device(config)# do show running-config aaa
    aaa authentication login ldap
  4. Log in to the device using an account that has valid credentials only in LDAP/AD to verify that LDAP/AD is being used to authenticate the user.
  5. Log in to the device using an account that has only device-local credentials. The login should fail with an access denied message.
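
The check in steps 2 and 3 can also be run offline against saved command output. The following is an added example, not part of the original procedure or the vendor's tooling; the function names, the sample captures, and the assumption that each server entry begins with the keyword `ldap-server` are illustrative.

```python
import re

# Constructed captures. SESSION mirrors the step 3 transcript; the ldap-server
# line uses a documentation address and is an assumed format, not device output.
SESSION = """device(config)# no aaa authentication login
device(config)# aaa authentication login ldap
device(config)# do show running-config aaa
aaa authentication login ldap
"""
LDAP_SERVERS = "ldap-server host 192.0.2.10\n"

AAA_LOGIN = re.compile(r"^\s*aaa\s+authentication\s+login\s+(.*\S)\s*$")


def login_methods(aaa_output):
    """Method list of each 'aaa authentication login' config line.

    Echoed commands start with the 'device(config)#' prompt, so they do not
    match and only the displayed configuration is evaluated.
    """
    return [m.group(1).split() for line in aaa_output.splitlines()
            if (m := AAA_LOGIN.match(line))]


def has_ldap_server(ldap_output):
    """Assumption: each configured server appears on a line starting 'ldap-server'."""
    return any(l.strip().startswith("ldap-server") for l in ldap_output.splitlines())


def audit(aaa_output, ldap_output):
    """Return (ok, reason) for the LDAP-only state that steps 2 and 3 establish."""
    if not has_ldap_server(ldap_output):
        return False, "no ldap-server entry (step 2)"
    methods = login_methods(aaa_output)
    if len(methods) != 1:
        return False, f"expected one login authentication line, found {len(methods)}"
    if methods[0] != ["ldap"]:
        # Any other or additional method means a device-local login in
        # step 5 may not be refused.
        return False, f"login methods are {methods[0]}, not LDAP only"
    return True, "LDAP only"


if __name__ == "__main__":
    print(audit(SESSION, LDAP_SERVERS))
```

A passing result here does not replace steps 4 and 5; the two login attempts are what confirm the behavior on the device.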