https://community.cisco.com/t5/wireless/wlc-a-ldap-invalid-credentials/m-p/4460078#M233028 <P>Understanding the logic, of the <STRONG>wifitest</STRONG> user, the following appears in the user's properties;</P><P>&nbsp;</P><P>Miembro de:</P><TABLE border="1"><TBODY><TR><TD>Usuarios del dominio..</TD><TD>clientx.cl/Users</TD></TR><TR><TD>UsuariosWifi</TD><TD>clientx.cl/Admins Groups</TD></TR></TBODY></TABLE><P>&nbsp;</P><P>Based on the above, I would assume that the user <STRONG>wifitest</STRONG>, that the <STRONG>Bind Username</STRONG>: = wifitest and the password is that of this user.</P><P>&nbsp;</P><P>notice that the timeout in your example was 10, so modify it.</P><P>(Cisco Controller) &gt;show ldap 1</P><P>Server Index..................................... 1<BR />Address.......................................... 10.3.0.15<BR />Port............................................. 389<BR />Server State..................................... Enabled<BR />User DN.......................................... CN=Users,DC=clientX,DC=cl<BR />User Attribute................................... sAMAccountName<BR />User Type........................................ Person<BR />Retransmit Timeout............................... 10 seconds<BR />Secure (via TLS)................................. Disabled<BR />Bind Method ..................................... Authenticated<BR />Bind Username.................................... <STRONG>wifitest</STRONG></P><P>(Cisco Controller) &gt;</P> Sun, 05 Sep 2021 18:27:42 GMT PaulReveco 2021-09-05T18:27:42Z https://community.cisco.com/t5/wireless/wlc-a-ldap-invalid-credentials/m-p/4459703#M233021 <P>A direct connection with the client AD was enabled, to correct a problem with the ACS, but it gives credentials error.</P><P>It could be that the container is wrong indicated.</P><P>&nbsp;</P><P>&nbsp;</P><P>(Cisco Controller) &gt;show ldap summary</P><P>Idx Server Address Port Enabled Secure Bind<BR />--- ------------------------- ------ ------- ------ ------------<BR />1 10.3.0.15 389 Yes No Authenticated</P><P>(Cisco Controller) &gt;show ldap 1</P><P>Server Index..................................... 1<BR />Address.......................................... 10.3.0.15<BR />Port............................................. 389<BR />Server State..................................... Enabled<BR />User DN.......................................... CN=wifitest<BR />User Attribute................................... sAMAccountName<BR />User Type........................................ Person<BR />Retransmit Timeout............................... 2 seconds<BR />Secure (via TLS)................................. Disabled<BR />Bind Method ..................................... Authenticated<BR />Bind Username.................................... CN=Users,DC=*****,DC=cl</P><P>&nbsp;</P><P>&nbsp;</P><P><BR />*LDAP DB Task 1: Sep 03 16:19:44.229: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)<BR />*LDAP DB Task 1: Sep 03 16:19:44.246: ldapInitAndBind [1] configured Method Authenticated lcapi_bind (rc = 49 - Invalid credentials)<BR />*LDAP DB Task 1: Sep 03 16:19:44.246: ldapClose [1] called lcapi_close (rc = 0 - Success)<BR />*LDAP DB Task 1: Sep 03 16:19:44.246: LDAP server 1 changed state to IDLE<BR />*LDAP DB Task 1: Sep 03 16:19:44.246: LDAP server 1 changed state to RETRY<BR />*LDAP DB Task 1: Sep 03 16:19:44.246: LDAP_OPT_REFERRALS = -1</P><P>*LDAP DB Task 1: Sep 03 16:19:44.246: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)<BR />*LDAP DB Task 1: Sep 03 16:19:44.264: ldapInitAndBind [1] configured Method Authenticated lcapi_bind (rc = 49 - Invalid credentials)<BR />*LDAP DB Task 1: Sep 03 16:19:44.264: ldapClose [1] called lcapi_close (rc = 0 - Success)<BR />*LDAP DB Task 1: Sep 03 16:19:44.264: LDAP server 1 changed state to IDLE<BR />*LDAP DB Task 1: Sep 03 16:19:44.264: LDAP server 1 changed state to ERROR<BR />*LDAP DB Task 1: Sep 03 16:19:44.264: Handling LDAP response Internal Error<BR />*LDAP DB Task 1: Sep 03 16:19:44.264: Ldap server tried attempt 1<BR />*LDAP DB Task 1: Sep 03 16:19:59.233: ldapTask [1] received msg 'TIMER' (1) in state 'ERROR' (5)<BR />*LDAP DB Task 1: Sep 03 16:19:59.233: LDAP server 1 changed state to IDLE</P><P>&nbsp;</P><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="MicrosoftTeams-image.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/129706iF88ED79E770D0B36/image-size/medium?v=v2&amp;px=400" role="button" title="MicrosoftTeams-image.png" alt="MicrosoftTeams-image.png" /></span></P><P> </P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="MicrosoftTeams-image (1).png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/129707i632DB712DA5BFCB0/image-size/medium?v=v2&amp;px=400" role="button" title="MicrosoftTeams-image (1).png" alt="MicrosoftTeams-image (1).png" /></span></P><P> </P><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><P>&nbsp;</P> Fri, 03 Sep 2021 21:52:27 GMT https://community.cisco.com/t5/wireless/wlc-a-ldap-invalid-credentials/m-p/4459703#M233021 PaulReveco 2021-09-03T21:52:27Z https://community.cisco.com/t5/wireless/wlc-a-ldap-invalid-credentials/m-p/4459729#M233022 <P>This is definitely configuration error at WLC side, could you please re-verify the credentials configured at WLC side.</P><P>Refer the below thread, could be helpful for you</P><P><A href="https://community.cisco.com/t5/wireless-mobility-documents/how-to-configure-wireless-lan-controller-wlc-for-lightweight/ta-p/3128687" target="_blank">https://community.cisco.com/t5/wireless-mobility-documents/how-to-configure-wireless-lan-controller-wlc-for-lightweight/ta-p/3128687</A></P><P>&nbsp;</P> Fri, 03 Sep 2021 23:16:51 GMT https://community.cisco.com/t5/wireless/wlc-a-ldap-invalid-credentials/m-p/4459729#M233022 Arshad Safrulla 2021-09-03T23:16:51Z https://community.cisco.com/t5/wireless/wlc-a-ldap-invalid-credentials/m-p/4460078#M233028 <P>Understanding the logic, of the <STRONG>wifitest</STRONG> user, the following appears in the user's properties;</P><P>&nbsp;</P><P>Miembro de:</P><TABLE border="1"><TBODY><TR><TD>Usuarios del dominio..</TD><TD>clientx.cl/Users</TD></TR><TR><TD>UsuariosWifi</TD><TD>clientx.cl/Admins Groups</TD></TR></TBODY></TABLE><P>&nbsp;</P><P>Based on the above, I would assume that the user <STRONG>wifitest</STRONG>, that the <STRONG>Bind Username</STRONG>: = wifitest and the password is that of this user.</P><P>&nbsp;</P><P>notice that the timeout in your example was 10, so modify it.</P><P>(Cisco Controller) &gt;show ldap 1</P><P>Server Index..................................... 1<BR />Address.......................................... 10.3.0.15<BR />Port............................................. 389<BR />Server State..................................... Enabled<BR />User DN.......................................... CN=Users,DC=clientX,DC=cl<BR />User Attribute................................... sAMAccountName<BR />User Type........................................ Person<BR />Retransmit Timeout............................... 10 seconds<BR />Secure (via TLS)................................. Disabled<BR />Bind Method ..................................... Authenticated<BR />Bind Username.................................... <STRONG>wifitest</STRONG></P><P>(Cisco Controller) &gt;</P> Sun, 05 Sep 2021 18:27:42 GMT https://community.cisco.com/t5/wireless/wlc-a-ldap-invalid-credentials/m-p/4460078#M233028 PaulReveco 2021-09-05T18:27:42Z