https://community.cisco.com/t5/network-access-control/acs-5-2-and-non-ad-ldap/m-p/1820671#M198491 <P>I must be stupid.</P><P></P><P>I have an external LDAP server, (like openldap, but it is an old netscape one).</P><P></P><P>I can't authenticate against it.&nbsp; I can anonymous bind against it. but that is it.</P><P></P><P>I don't want groups or any attributes.&nbsp; I simply want to say User X password Y, authenticate.</P><P></P><P>Any time I test anything, it seems to go out to lunch.</P><P></P><P>Does anyone have an example of this?&nbsp; What I am actually doing</P><P>is to authenticate PEAP-GTC for a wireless network.&nbsp; I can get the request to the correct</P><P>external user store, but from there it doesn't work.</P><P></P><P>I can probably translate an openldap example.&nbsp; The ldap works fine against, say Apache</P><P>authentication, so it is not so weird.</P> Mon, 11 Mar 2019 01:49:49 GMT eugene.tsuno 2019-03-11T01:49:49Z https://community.cisco.com/t5/network-access-control/acs-5-2-and-non-ad-ldap/m-p/1820671#M198491 <P>I must be stupid.</P><P></P><P>I have an external LDAP server, (like openldap, but it is an old netscape one).</P><P></P><P>I can't authenticate against it.&nbsp; I can anonymous bind against it. but that is it.</P><P></P><P>I don't want groups or any attributes.&nbsp; I simply want to say User X password Y, authenticate.</P><P></P><P>Any time I test anything, it seems to go out to lunch.</P><P></P><P>Does anyone have an example of this?&nbsp; What I am actually doing</P><P>is to authenticate PEAP-GTC for a wireless network.&nbsp; I can get the request to the correct</P><P>external user store, but from there it doesn't work.</P><P></P><P>I can probably translate an openldap example.&nbsp; The ldap works fine against, say Apache</P><P>authentication, so it is not so weird.</P> Mon, 11 Mar 2019 01:49:49 GMT https://community.cisco.com/t5/network-access-control/acs-5-2-and-non-ad-ldap/m-p/1820671#M198491 eugene.tsuno 2019-03-11T01:49:49Z https://community.cisco.com/t5/network-access-control/acs-5-2-and-non-ad-ldap/m-p/1820672#M198510 <HTML><HEAD></HEAD><BODY><P>good luck: http://linux.die.net/man/8/wpa_supplicant</P><P>I wish i could help, but i haven't got to the wireless part yet. I just got the hardwire to wrk. I used a certificate created by the ACS Certificate signing and had the cert created by our inhouse CA. I'm still trying to understand how all this works, but did you look at the monitoring logs on your failed authentication attempts? It should give you some details. Is your ACS Even able to pass authentication back to the LDAP to verify the client?</P><P></P><P>good luck: http://linux.die.net/man/8/wpa_supplicant</P><P></P><P>Sent from Cisco Technical Support iPad App</P><P></P><P></P><P>Sent from Cisco Technical Support iPad App</P></BODY></HTML> Thu, 16 Feb 2012 03:27:42 GMT https://community.cisco.com/t5/network-access-control/acs-5-2-and-non-ad-ldap/m-p/1820672#M198510 michael mearlon 2012-02-16T03:27:42Z https://community.cisco.com/t5/network-access-control/acs-5-2-and-non-ad-ldap/m-p/1820673#M198531 <HTML><HEAD></HEAD><BODY><P>Well, I got it to work.</P><P></P><P>It was either a CAcert was wrong, or a reboot that cleared the ldap connections.&nbsp; Once I tested with </P><P>a simple 389 server and authenticated, I could see what is supposed to be returned and my settings</P><P>were correct.&nbsp; I redid it with ldaps, and it worked.</P><P></P><P>I was then able to get both authenticated and unauthenticated to work, and then the whole thing</P><P>to work.</P></BODY></HTML> Thu, 16 Feb 2012 16:52:40 GMT https://community.cisco.com/t5/network-access-control/acs-5-2-and-non-ad-ldap/m-p/1820673#M198531 eugene.tsuno 2012-02-16T16:52:40Z https://community.cisco.com/t5/network-access-control/acs-5-2-and-non-ad-ldap/m-p/1820674#M198549 <HTML><HEAD></HEAD><BODY><P>So either it was ldap connection hung, or the Cert was wrong.&nbsp; When I hit the test button, either should</P><P>have spit up some relevant debug stuff (Connection could not be started) or like (SSL connection</P><P>could not be initiated)&nbsp; but it just went out to lunch.&nbsp; So I believe something was hung up in the box itself.</P></BODY></HTML> Thu, 16 Feb 2012 17:53:36 GMT https://community.cisco.com/t5/network-access-control/acs-5-2-and-non-ad-ldap/m-p/1820674#M198549 eugene.tsuno 2012-02-16T17:53:36Z