Web Auth using LDAP on WLC 4402

ajm349 — Sun, 04 Jul 2021 04:16:10 GMT

Hi All,

We are attempting to use LDAP for web authentication on a WLC 4402.

We followed several articles with no avail:

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a03e09.shtml#C2

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a03e09.shtml

You are able to connect to the SSID and it reidrects you to the login page as it should. When you enter your username and password you get a message that "the username and password combination you have entered is invalid." Based on the following log it looks like the LDAP bind is the issue.

*LDAP DB Task 1: Dec 19 11:19:26.584: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).

We are able to test the following configuration with ldp.exe successfully,

Server: ***.***.***.***

Port Number: 389

Bind Username: CiscoBYOT

Bind Password: ***

User Base DN: OU=Students,DC=domain,DC=local

User Attribute: sAMAccountName

User Object Type: Person

I tried running a debug on the WLC but I didn't see anything useful:

Cisco Controller) >*LDAP DB Task 1: Dec 16 15:45:02.276: ldapInitAndBind [1] configured Method Authenticated lcapi_bind (rc = 1005 - LDAP bind failed)
*LDAP DB Task 1: Dec 16 15:45:02.276: ldapClose [1] called lcapi_close (rc = 0 - Success)
*LDAP DB Task 1: Dec 16 15:45:02.276: LDAP server 1 changed state to IDLE
*LDAP DB Task 1: Dec 16 15:45:02.276: LDAP server 1 changed state to RETRY
*LDAP DB Task 1: Dec 16 15:45:02.277: LDAP_OPT_REFERRALS = -1

*LDAP DB Task 1: Dec 16 15:45:02.277: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)
*LDAP DB Task 1: Dec 16 15:45:32.278: ldapInitAndBind [1] configured Method Authenticated lcapi_bind (rc = 1005 - LDAP bind failed)
*LDAP DB Task 1: Dec 16 15:45:32.278: ldapClose [1] called lcapi_close (rc = 0 - Success)
*LDAP DB Task 1: Dec 16 15:45:32.278: LDAP server 1 changed state to IDLE
*LDAP DB Task 1: Dec 16 15:45:32.278: LDAP server 1 changed state to ERROR
*LDAP DB Task 1: Dec 16 15:45:37.271: ldapTask [1] received msg 'TIMER' (1) in state 'ERROR' (5)
*LDAP DB Task 1: Dec 16 15:45:37.271: LDAP server 1 changed state to IDLE
*LDAP DB Task 1: Dec 16 15:45:37.271: LDAP server 1 changed state to INIT
*LDAP DB Task 1: Dec 16 15:45:37.271: LDAP_OPT_REFERRALS = -1

Any help to figure out what i missed would be greatly appreciated!

Web Auth using LDAP on WLC 4402

ajm349 — Wed, 21 Dec 2011 14:35:09 GMT

Hi All,

I read an article that LDAP only works if your LDAP database returns passwords in clear text. Since we use Microsoft Active Directory passwords are not in clear text. Instead I setup radius authentication using PAP and it worked.

Web Auth using LDAP on WLC 4402

Nicolas Darchis — Thu, 22 Dec 2011 19:09:50 GMT

This is correct. CHAP for webauth and eap methods using mschapv2 are not supported with LDAP by the way the db are working ...

+5 for posting the solution of your problem 🙂 It helps other people

topic Web Auth using LDAP on WLC 4402 in Wireless

Web Auth using LDAP on WLC 4402

Web Auth using LDAP on WLC 4402

Web Auth using LDAP on WLC 4402