
LDAP Authentication Problem on Call Manager 7.1.3b

michalis1234
Level 1

My Active Directory is synchronized fine...

I can see all the users...

But when I try to log in to Call Manager as a user or as an administrator (CCM admin user group), it fails.

I have ticked the box on LDAP synchronization "use ldap authentication for end users".


Unfortunately I did not manage to log in.

I am attaching the capture file.

I spoke as well with the AD administrator and he told me that the userid I am using is allowed to log in to the CUCM server.

Thank you in advance...

An obvious question, but have you tried logging into a domain PC with the same credentials?

By looking at the packet capture, the problem is still on LDAP side.

Here are the relevant packets:

#4 CUCM sent bindRequest to LDAP.  Username: eurobank\scanner.  Password: scanner1234$$
#5 LDAP sent successful response

#13 CUCM sent bindRequest to LDAP.  Username: CN=MLavrentakis, OU=Cyprus,OU=Employees,DC=Eurobank,DC=efg,DC=gr.  Password: !Log1234!
#14 LDAP sent failed response - "invalidCredentials"

If you're sure the information was correct in packet #13, you should get your LDAP engineer to explain packet #14.

Thanks!

Michael
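
The bindRequest/bindResponse pairs read out of the capture above can also be decoded programmatically. The following is an added example, not part of the original posts: a minimal Python decoder for LDAP bind PDUs (RFC 4511 BER) that reports the bind name, whether a simple bind put a password on the wire in cleartext, and the response result. The sample bytes, the DN and the helper names are constructed for illustration.

```python
RESULT_CODES = {0: "success", 49: "invalidCredentials"}  # subset of RFC 4511

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def decode_bind(pdu):
    """Summarise a bindRequest/bindResponse without echoing the password."""
    tag, body, _ = read_tlv(pdu, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, msg_id, pos = read_tlv(body, 0)
    op_tag, op, _ = read_tlv(body, pos)
    out = {"message_id": int.from_bytes(msg_id, "big")}
    if op_tag == 0x60:  # [APPLICATION 0] BindRequest
        _, _version, p = read_tlv(op, 0)
        _, name, p = read_tlv(op, p)
        auth_tag, cred, _ = read_tlv(op, p)
        out["op"] = "bindRequest"
        out["name"] = name.decode("utf-8", "replace")
        out["auth"] = {0x80: "simple", 0xA3: "sasl"}.get(auth_tag, "unknown")
        # A simple bind carries the password as plain bytes on the wire.
        out["cleartext_password"] = auth_tag == 0x80 and len(cred) > 0
    elif op_tag == 0x61:  # [APPLICATION 1] BindResponse
        _, code, p = read_tlv(op, 0)
        _, _matched_dn, p = read_tlv(op, p)
        _, diag, _ = read_tlv(op, p)
        out["op"] = "bindResponse"
        out["result"] = RESULT_CODES.get(int.from_bytes(code, "big"), "other")
        out["diagnostic"] = diag.decode("utf-8", "replace")
    else:
        raise ValueError("not a bind operation")
    return out

def tlv(tag, value):
    """Build a short-form BER element (constructed sample data only)."""
    return bytes([tag, len(value)]) + value
# Constructed sample PDUs, not taken from the capture in this thread.
DN = b"CN=Example User,OU=Staff,DC=example,DC=com"
REQ = tlv(0x30, tlv(0x02, b"\x0d") + tlv(0x60, tlv(0x02, b"\x03") + tlv(0x04, DN) + tlv(0x80, b"constructed-pw")))
RESP = tlv(0x30, tlv(0x02, b"\x0d") + tlv(0x61, tlv(0x0A, b"\x31") + tlv(0x04, b"") + tlv(0x04, b"constructed diagnostic")))
```

Calling `decode_bind(REQ)` and `decode_bind(RESP)` gives the same request/response view as the packet list above, with the credential itself left out of the output.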

You are absolutely right!!!

The usernames and passwords are correct!!!

I can login with the same credentials in the domain....

It is obvious that the problem is AD and the permissions of these user accounts....

I need to focus on the AD ...

Your recommendations and troubleshooting were excellent!!!

Thank you very much for your help Michael!!!

The reason directory sync works and this doesn't is because end user auth is completely separate from directory sync. I had a similar problem and the cause was that the end user was on a child domain that didn't share a root with the auth server I was using. The server was on xyz.com and the user abc.com. The fix for me was changing the user search base from "DC=xyz,DC=com" to "DC=com" and changing the port I was using from 389 (LDAP port) to 3268 (global catalog port). This doc also helped.

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/7x/directry.html#wp1070369

neilobrien
Level 1

Have you mapped a different LDAP attribute to the CM User ID? For example, under LDAP System, if your LDAP attribute for the User ID is set to "telephone number" then your CM login user ID is the telephone number set in the AD user account.

just something to look for....?