cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1378
Views
5
Helpful
8
Replies

LDAP authentication through a web page

TrickTrick
Level 3
Level 3

Hi everybody,

 

It seems easy, but I find some difficulties to make it work, I'm trying to configure the WLC to let people get access to the network by using their LDAP credentials

 

I configured a WLAN as follows :

interface : Management 

security :

Layer 2 : None

Layer 3 : Web policy ( Authentication)

Over-ride Global Config : Enable

Web Auth type : Internal (I want to change it after to use a customized page, not that important for now)

AAA servers :

everything on default except for LDAP server I have the IP address there and authentication using local and LDAP only 

 

EAP profile : EAP (created)

 

somehow I can't see any WLAN using my laptop ( I was able before doing these modifications) , and by using my phone it worked but the login is always incorrect even when using the correct username and password in the OU defined in the LDAP menu

 

DO you have guys any input, what's the correct setup to follow to make it work 

 

I followed btw this guide (Create WLAN That Relies On LDAP Server To Authenticate Users Through Internal WLC Web Portal)  : https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/211277-WLC-with-LDAP-Authentication-Configurati.html

 

Infos : WLC : 2504

AP: AIR-AP1832I-E-K9

 

Thanks

 

8 Replies 8

Sandeep Choudhary
VIP Alumni
VIP Alumni

Thanks for this guide, the guide I posted in the OP is almost like this one, the problem is the same, always an Error during the authentication ... no account is accepted from the OU defined.. what could be the issue? . the guy controlling AD is telling me that the OU is defined correctly

Is the WLC allowed to authenticate users in the AD?
Depending on the AD version, the WLC has to get some additional permissions to authenticate users on behalf (I think 'enumeration' is the keyword).

honestly i'm not sure about this particular part, since i'm not controlling it, I want to be sure what exactly I should need to do at the WLC level
I did exactly what is mentioned here : https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/108008-ldap-web-auth-wlc.html

I can say that the controller is well configured ? it's maybe something at the LDAP server level ?

Yes, the LDAP server also needs to be configured correctly. The user that you are using for the authentication needs access on the AD server to authenticate other users on his behalf. I think this part here is very important and so is the next chapter: https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/108008-ldap-web-auth-wlc.html#anc20

In any case, I'd suggest you install a radius server and use radius for the user authentication.

yeah, it seems something is messed up there, some connections aren't established correctly ...here some logs messages confirming this while i'm using correct credentials

*ewmwebWebauth1: Jun 28 15:19:41.072: %LOG-3-Q_IND: ldap_db.c:1082 Could not connect to LDAP server 1, reason: 49 (Invalid credentials).[...It occurred 2 times.!]
*LDAP DB Task 1: Jun 28 15:19:40.108: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1082 Could not connect to LDAP server 1, reason: 49 (Invalid credentials).
*ewmwebWebauth1: Jun 28 15:02:22.747: %LOG-3-Q_IND: ldap_db.c:1082 Could not connect to LDAP server 1, reason: 49 (Invalid credentials).[...It occurred 2 times.!]
*LDAP DB Task 1: Jun 28 15:02:21.784: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1082 Could not connect to LDAP server 1, reason: 49 (Invalid credentials).

What messages do you see on your ldap server in the logs?

Solved! It was an autentication protocol problem between LDAP and WLC, we had to use PAP as an authentication protocol, I honestly didn't check this before and never had the idea to check it :/
Review Cisco Networking for a $25 gift card