https://community.cisco.com/t5/wireless/wlc-local-eap-ldap-authentication/m-p/2916568#M39558 <P>I'm trying to get an SSID to authenticate users using local EAP with LDAP.&nbsp; The customer doesn't want to use a RADIUS server.&nbsp; I've got the LDAP server configured and when I do a debug aaa ldap enable I can see a successful bind, but the authentication fails.&nbsp; I get the following error:</P> <P>*LDAP DB Task 1: May 12 14:44:50.714: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)<BR />*LDAP DB Task 1: May 12 14:44:50.717: ldapInitAndBind [1] configured Method Authenticated lcapi_bind (rc = 0 - Success)<BR />*LDAP DB Task 1: May 12 14:44:50.717: LDAP server 1 changed state to CONNECTED<BR />*LDAP DB Task 1: May 12 14:44:50.717: disabled LDAP_OPT_REFERRALS</P> <P>*LDAP DB Task 1: May 12 14:44:50.717: LDAP_CLIENT: UID Search (base=OU=Departments,DC=mydomain,DC=com, pattern=(&amp;(objectclass=Person)(sAMAccountName=user@mydomain.com)))<BR />*LDAP DB Task 1: May 12 14:44:50.718: LDAP_CLIENT: ldap_search_ext_s returns 0 -5<BR />*LDAP DB Task 1: May 12 14:44:50.718: LDAP_CLIENT: Returned 1 msgs including 0 references<BR />*LDAP DB Task 1: May 12 14:44:50.718: LDAP_CLIENT: Returned msg 1 type 0x65<BR />*LDAP DB Task 1: May 12 14:44:50.718: LDAP_CLIENT : No matched DN<BR />*LDAP DB Task 1: May 12 14:44:50.718: LDAP_CLIENT : Check result error 0 rc 1013<BR />*LDAP DB Task 1: May 12 14:44:50.718: LDAP_CLIENT: Received no referrals in search result msg<BR />*LDAP DB Task 1: May 12 14:44:50.718: LDAP_CLIENT: Received 1 attributes in search result msg<BR />*LDAP DB Task 1: May 12 14:44:50.718: ldapAuthRequest [1] 172.16.4.30 - 389 called lcapi_query base="OU=Departments,DC=mydomain,DC=com" type="Person" attr="sAMAccountName" user="user@mydomain.com" (rc = 0 - Success)<BR /><STRONG>*LDAP DB Task 1: May 12 14:44:50.718: Handling LDAP response Authentication Failed</STRONG><BR />*LDAP DB Task 1: May 12 14:44:50.718: Authenticated bind : Closing the binded session</P> <P></P> <P>We've verified the credentials and tried all of the options in the EAP profile?&nbsp; Anyone have this working that can help out?&nbsp; Is there something else specific I need to do on the client side?</P> <P></P> Mon, 05 Jul 2021 12:03:07 GMT chevymannie 2021-07-05T12:03:07Z https://community.cisco.com/t5/wireless/wlc-local-eap-ldap-authentication/m-p/2916568#M39558 <P>I'm trying to get an SSID to authenticate users using local EAP with LDAP.&nbsp; The customer doesn't want to use a RADIUS server.&nbsp; I've got the LDAP server configured and when I do a debug aaa ldap enable I can see a successful bind, but the authentication fails.&nbsp; I get the following error:</P> <P>*LDAP DB Task 1: May 12 14:44:50.714: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)<BR />*LDAP DB Task 1: May 12 14:44:50.717: ldapInitAndBind [1] configured Method Authenticated lcapi_bind (rc = 0 - Success)<BR />*LDAP DB Task 1: May 12 14:44:50.717: LDAP server 1 changed state to CONNECTED<BR />*LDAP DB Task 1: May 12 14:44:50.717: disabled LDAP_OPT_REFERRALS</P> <P>*LDAP DB Task 1: May 12 14:44:50.717: LDAP_CLIENT: UID Search (base=OU=Departments,DC=mydomain,DC=com, pattern=(&amp;(objectclass=Person)(sAMAccountName=user@mydomain.com)))<BR />*LDAP DB Task 1: May 12 14:44:50.718: LDAP_CLIENT: ldap_search_ext_s returns 0 -5<BR />*LDAP DB Task 1: May 12 14:44:50.718: LDAP_CLIENT: Returned 1 msgs including 0 references<BR />*LDAP DB Task 1: May 12 14:44:50.718: LDAP_CLIENT: Returned msg 1 type 0x65<BR />*LDAP DB Task 1: May 12 14:44:50.718: LDAP_CLIENT : No matched DN<BR />*LDAP DB Task 1: May 12 14:44:50.718: LDAP_CLIENT : Check result error 0 rc 1013<BR />*LDAP DB Task 1: May 12 14:44:50.718: LDAP_CLIENT: Received no referrals in search result msg<BR />*LDAP DB Task 1: May 12 14:44:50.718: LDAP_CLIENT: Received 1 attributes in search result msg<BR />*LDAP DB Task 1: May 12 14:44:50.718: ldapAuthRequest [1] 172.16.4.30 - 389 called lcapi_query base="OU=Departments,DC=mydomain,DC=com" type="Person" attr="sAMAccountName" user="user@mydomain.com" (rc = 0 - Success)<BR /><STRONG>*LDAP DB Task 1: May 12 14:44:50.718: Handling LDAP response Authentication Failed</STRONG><BR />*LDAP DB Task 1: May 12 14:44:50.718: Authenticated bind : Closing the binded session</P> <P></P> <P>We've verified the credentials and tried all of the options in the EAP profile?&nbsp; Anyone have this working that can help out?&nbsp; Is there something else specific I need to do on the client side?</P> <P></P> Mon, 05 Jul 2021 12:03:07 GMT https://community.cisco.com/t5/wireless/wlc-local-eap-ldap-authentication/m-p/2916568#M39558 chevymannie 2021-07-05T12:03:07Z https://community.cisco.com/t5/wireless/wlc-local-eap-ldap-authentication/m-p/2916569#M39559 <H2>Scenario 16: Client authentication failed on LDAP</H2> <P><A name="_Toc387582670"></A>Debug run</P> <P>debug aaa ldap enable</P> <PRE class="prettyprint">*LDAP DB Task 1: Feb 07 17:19:46.535: LDAP_CLIENT: Received no referrals in search result msg *LDAP DB Task 1: Feb 07 17:19:46.535: LDAP_CLIENT: Received 1 attributes in search result msg *LDAP DB Task 1: Feb 07 17:19:46.535: ldapAuthRequest [1] called lcapi_query base="CN=Users,DC=gceaaa,DC=com" type="person" attr="sAMAccountName" user="ish" (rc = 0 - Success) *LDAP DB Task 1: Feb 07 17:19:46.535: Handling LDAP response Authentication Failed //Failed auth *LDAP DB Task 1: Feb 07 17:19:46.536: Authenticated bind : Closing the binded session</PRE> <P><A name="_Toc387582671"></A>Workaround</P> <P>Check LDAP server for reject reasons.</P> <P><A href="http://www.cisco.com/c/en/us/support/docs/wireless/5508-wireless-controller/200072-Cheat-Sheet-Common-Wireless-issues.html#anc18">http://www.cisco.com/c/en/us/support/docs/wireless/5508-wireless-controller/200072-Cheat-Sheet-Common-Wireless-issues.html#anc18</A></P> Fri, 13 May 2016 01:15:39 GMT https://community.cisco.com/t5/wireless/wlc-local-eap-ldap-authentication/m-p/2916569#M39559 mohanak 2016-05-13T01:15:39Z