02-15-2012 09:45 AM - edited 03-10-2019 06:49 PM
I must be stupid.
I have an external LDAP server (like OpenLDAP, but it is an old Netscape one).
I can't authenticate against it. I can anonymous bind against it, but that is it.
I don't want groups or any attributes. I simply want to say User X password Y, authenticate.
Any time I test anything, it seems to go out to lunch.
Does anyone have an example of this? What I am actually doing
is to authenticate PEAP-GTC for a wireless network. I can get the request to the correct
external user store, but from there it doesn't work.
I can probably translate an OpenLDAP example. The LDAP works fine against, say, Apache
authentication, so it is not so weird.
02-15-2012 07:27 PM
good luck: http://linux.die.net/man/8/wpa_supplicant
I wish I could help, but I haven't got to the wireless part yet. I just got the hardwire to work. I used a certificate created by the ACS Certificate signing and had the cert created by our in-house CA. I'm still trying to understand how all this works, but did you look at the monitoring logs on your failed authentication attempts? It should give you some details. Is your ACS even able to pass authentication back to the LDAP to verify the client?
Sent from Cisco Technical Support iPad App
02-16-2012 08:52 AM
Well, I got it to work.
It was either a CAcert was wrong, or a reboot that cleared the ldap connections. Once I tested with
a simple 389 server and authenticated, I could see what is supposed to be returned and my settings
were correct. I redid it with ldaps, and it worked.
I was then able to get both authenticated and unauthenticated to work, and then the whole thing
to work.
02-16-2012 09:53 AM
So either the LDAP connection was hung, or the cert was wrong. When I hit the test button, either should
have spit up some relevant debug stuff (Connection could not be started) or like (SSL connection
could not be initiated) but it just went out to lunch. So I believe something was hung up in the box itself.
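An added example, not part of the thread and not Cisco or ACS code: a standalone LDAPS simple-bind test that separates the three failure points discussed above (connection, SSL/CA certificate, bind result) so each one reports its own error instead of hanging. The function names are hypothetical, and the host, bind DN, password and CA file path are parameters you supply.

```python
import socket
import ssl

def tlv(tag, value):
    """BER tag-length-value, definite length."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def bind_request(dn, password, msg_id=1):
    """LDAPv3 simple BindRequest (RFC 4511, section 4.2)."""
    op = (tlv(0x02, b"\x03")               # version 3
          + tlv(0x04, dn.encode())         # bind DN
          + tlv(0x80, password.encode()))  # authentication: simple [0]
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, op))

def bind_result(resp):
    """resultCode of a BindResponse: 0 success, 49 invalidCredentials."""
    _, msg, _ = read_tlv(resp)             # LDAPMessage SEQUENCE
    _, _, pos = read_tlv(msg)              # messageID
    tag, op, _ = read_tlv(msg, pos)        # protocolOp
    if tag != 0x61:                        # [APPLICATION 1] BindResponse
        raise ValueError(f"not a BindResponse: tag 0x{tag:02x}")
    _, code, _ = read_tlv(op)              # ENUMERATED resultCode
    return int.from_bytes(code, "big")

def check_ldaps(host, dn, password, cafile, port=636, timeout=5.0):
    """Staged test; every stage raises its own error instead of hanging."""
    if not password:  # an empty password is an unauthenticated bind
        raise ValueError("empty password would not test the credentials")
    ctx = ssl.create_default_context(cafile=cafile)
    # Stage 1: TCP. Raises OSError (including timeout) if unreachable.
    with socket.create_connection((host, port), timeout=timeout) as raw:
        # Stage 2: TLS. Raises ssl.SSLCertVerificationError on a wrong CA cert.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            # Stage 3: simple bind as user X with password Y.
            tls.sendall(bind_request(dn, password))
            return bind_result(tls.recv(4096))  # bind replies are small
```

A return value of 0 means the directory accepted the DN and password; 49 means the connection and certificate are fine and only the credentials were rejected.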