acs 5.2 and non AD ldap

eugene.tsuno
Level 1

I must be stupid.

I have an external LDAP server (like openldap, but it is an old netscape one).

I can't authenticate against it. I can anonymous bind against it, but that is it.

I don't want groups or any attributes.  I simply want to say User X password Y, authenticate.

Any time I test anything, it seems to go out to lunch.

Does anyone have an example of this? What I am actually doing is to authenticate PEAP-GTC for a wireless network. I can get the request to the correct external user store, but from there it doesn't work.

I can probably translate an openldap example. The ldap works fine against, say Apache authentication, so it is not so weird.


michael mearlon
Level 1

good luck: http://linux.die.net/man/8/wpa_supplicant

I wish I could help, but I haven't got to the wireless part yet. I just got the hardwire to work. I used a certificate created by the ACS Certificate signing and had the cert created by our in-house CA. I'm still trying to understand how all this works, but did you look at the monitoring logs on your failed authentication attempts? It should give you some details. Is your ACS even able to pass authentication back to the LDAP to verify the client?

Sent from Cisco Technical Support iPad App

eugene.tsuno
Level 1

Well, I got it to work.

It was either a CAcert was wrong, or a reboot that cleared the ldap connections. Once I tested with a simple 389 server and authenticated, I could see what is supposed to be returned and my settings were correct. I redid it with ldaps, and it worked.

I was then able to get both authenticated and unauthenticated to work, and then the whole thing to work.

So either it was ldap connection hung, or the Cert was wrong. When I hit the test button, either should have spit up some relevant debug stuff (Connection could not be started) or like (SSL connection could not be initiated) but it just went out to lunch. So I believe something was hung up in the box itself.
