topic WebAuthetication with multi LDAP Server - only first server works in Wireless

WebAuthetication with multi LDAP Server - only first server works

Ugoweb — Mon, 05 Jul 2021 16:56:14 GMT

Hi,

I use web authentication with a single LDAP server, and it works fine (Server1 contoso.com:389).

Now I added a new LDAP server (Server2 cisco.com:389) for web authentication.

So in "WLANs - LDAP server" I input both server 1 and 2.

Authentication works just on the first server; if I try authentication on Server2, don't authenticate (web page).

So it seems just "Server1" can authenticate the request.

In fact, if I switch server1 and server2, then authentication works fine (authentication on cisco.com, now on Server1).

Haydn Andrews — Mon, 25 Feb 2019 21:02:48 GMT

Are the two LDAP servers synced? as in have the same username/passwords?

With multiple auth servers the first one is used, if the username is there it will not move onto the secondary, only if the username does not exist.

The fact you swapped them and the secondary when set as primary works shows that there is nothing wrong with the actual server.

Are you using ISE for the captive portal or just from the WLC?

Ugoweb — Mon, 25 Feb 2019 21:30:46 GMT

The 2 server LDAP is not sync only trusted.

server 1 --> 10.2.x.y --> contoso.com

server 2 --> 10.20.x.y --> cisco.com

field for authetication uPN (email address)

The accoun exist only on server 2

When i using account present only server 1 authetication is perfect.

When i using account present only server 2 NOT authentic

If switch order LDAP server authentic server 2 but not authentic server 1

Are you using ISE for the captive portal or just from the WLC? --> Only WLC