LDAP authentication through a web page

TrickTrick
Level 3

Hi everybody,

It seems easy, but I'm having some difficulty making it work. I'm trying to configure the WLC to let people get access to the network by using their LDAP credentials.

I configured a WLAN as follows:

Interface: Management
Security:
  Layer 2: None
  Layer 3: Web Policy (Authentication)
  Over-ride Global Config: Enable
  Web Auth type: Internal (I want to change it later to use a customized page, not that important for now)
AAA servers: everything on default except for the LDAP server; I have the IP address there, and authentication using Local and LDAP only.

EAP profile: EAP (created)

Somehow I can't see any WLAN using my laptop (I was able to before making these modifications), and using my phone it worked, but the login is always incorrect, even when using the correct username and password in the OU defined in the LDAP menu.

Do you guys have any input? What's the correct setup to follow to make it work?

By the way, I followed this guide (Create WLAN That Relies On LDAP Server To Authenticate Users Through Internal WLC Web Portal): https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/211277-WLC-with-LDAP-Authentication-Configurati.html

Info: WLC: 2504
AP: AIR-AP1832I-E-K9

Thanks

8 Replies

Sandeep Choudhary
VIP Alumni

Thanks for this guide. The guide I posted in the OP is almost like this one, and the problem is the same: always an error during the authentication... No account is accepted from the OU defined. What could be the issue? The guy controlling AD is telling me that the OU is defined correctly.

Is the WLC allowed to authenticate users in the AD?
Depending on the AD version, the WLC has to get some additional permissions to authenticate users on behalf (I think 'enumeration' is the keyword).

Honestly, I'm not sure about this particular part, since I'm not controlling it. I want to be sure what exactly I need to do at the WLC level.
I did exactly what is mentioned here: https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/108008-ldap-web-auth-wlc.html

Can I say that the controller is well configured? Is it maybe something at the LDAP server level?

Yes, the LDAP server also needs to be configured correctly. The user that you are using for the authentication needs access on the AD server to authenticate other users on his behalf. I think this part here is very important and so is the next chapter: https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/108008-ldap-web-auth-wlc.html#anc20

In any case, I'd suggest you install a RADIUS server and use RADIUS for the user authentication.

Yeah, it seems something is messed up there; some connections aren't established correctly... Here are some log messages confirming this while I'm using correct credentials:

*ewmwebWebauth1: Jun 28 15:19:41.072: %LOG-3-Q_IND: ldap_db.c:1082 Could not connect to LDAP server 1, reason: 49 (Invalid credentials).[...It occurred 2 times.!]
*LDAP DB Task 1: Jun 28 15:19:40.108: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1082 Could not connect to LDAP server 1, reason: 49 (Invalid credentials).
*ewmwebWebauth1: Jun 28 15:02:22.747: %LOG-3-Q_IND: ldap_db.c:1082 Could not connect to LDAP server 1, reason: 49 (Invalid credentials).[...It occurred 2 times.!]
*LDAP DB Task 1: Jun 28 15:02:21.784: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1082 Could not connect to LDAP server 1, reason: 49 (Invalid credentials).

What messages do you see on your ldap server in the logs?

Solved! It was an authentication protocol problem between LDAP and WLC; we had to use PAP as the authentication protocol. I honestly didn't check this before and never had the idea to check it :/
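An added triage helper for the kind of log lines posted earlier in this thread (this is example code written for this page, not from the thread's participants or from Cisco): it parses the AireOS message format, pulls out the LDAP server index and result code from the "Could not connect to LDAP server N, reason: X" text, honours the controller's "It occurred N times" repeat suffix, and maps the code to its RFC 4511 name plus a defender-side hint. The first four sample lines are the ones from the thread; the fifth line, the exact regex for the record layout, and the hint wording are my assumptions. The hint for code 49 reflects the resolution above: an LDAP simple bind needs the cleartext password, so web auth against LDAP has to use PAP.

```python
"""Triage Cisco WLC (AireOS) LDAP log lines: parse the syslog-style records,
extract the LDAP server index and result code, and summarise the failures."""
import re
from collections import defaultdict

# The first four lines are the ones posted in the thread; the fifth is a
# constructed line (assumed wording) with a different server and reason code.
SAMPLE_LOG = """\
*ewmwebWebauth1: Jun 28 15:19:41.072: %LOG-3-Q_IND: ldap_db.c:1082 Could not connect to LDAP server 1, reason: 49 (Invalid credentials).[...It occurred 2 times.!]
*LDAP DB Task 1: Jun 28 15:19:40.108: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1082 Could not connect to LDAP server 1, reason: 49 (Invalid credentials).
*ewmwebWebauth1: Jun 28 15:02:22.747: %LOG-3-Q_IND: ldap_db.c:1082 Could not connect to LDAP server 1, reason: 49 (Invalid credentials).[...It occurred 2 times.!]
*LDAP DB Task 1: Jun 28 15:02:21.784: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1082 Could not connect to LDAP server 1, reason: 49 (Invalid credentials).
*LDAP DB Task 1: Jun 28 15:30:02.001: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1082 Could not connect to LDAP server 2, reason: 81 (Can't contact LDAP server).
"""

# Assumed AireOS record layout:
# "*<task>: <Mon DD hh:mm:ss.mmm>: %FACILITY-SEV-MNEMONIC: <file:line> <message>"
LINE_RE = re.compile(
    r"^\*(?P<task>[^:]+): "
    r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d\.\d+): "
    r"%(?P<facility>[A-Z0-9]+)-(?P<severity>\d)-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<source>\S+) (?P<message>.*)$"
)
LDAP_RE = re.compile(
    r"LDAP server (?P<server>\d+), reason: (?P<code>\d+) \((?P<text>[^)]*)\)"
)
# Suffix the controller appends when it suppressed repeats of one message.
REPEAT_RE = re.compile(r"\[\.\.\.It occurred (?P<n>\d+) times\.!\]")

# LDAP result codes from RFC 4511; 81 is the client-library "server down"
# code (not an RFC result) seen when no session to the server exists.
RESULT_NAMES = {
    0: "success", 32: "noSuchObject", 34: "invalidDNSyntax",
    48: "inappropriateAuthentication", 49: "invalidCredentials",
    50: "insufficientAccessRights", 52: "unavailable",
    53: "unwillingToPerform", 81: "serverDown",
}
# Defender-side triage hints (my wording) for codes common in this scenario.
TRIAGE_HINTS = {
    49: "bind rejected: check the WLC bind user DN/password, and that the "
        "web-auth WLAN uses PAP (a simple bind needs the cleartext password, "
        "which CHAP-family methods never hand the controller)",
    32: "DN does not exist: check the user base DN and the OU path",
    53: "server refused that bind type: check whether anonymous/simple bind is allowed",
    81: "no session to the server: check IP, port (389/636), ACLs and reachability",
}


def parse_line(line):
    """Split one WLC log record into fields; return None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["severity"] = int(rec["severity"])
    rec["repeats"] = 1
    rep = REPEAT_RE.search(rec["message"])
    if rep:
        rec["repeats"] = int(rep.group("n"))
        rec["message"] = rec["message"][: rep.start()]
    rec["ldap"] = None
    lm = LDAP_RE.search(rec["message"])
    if lm:
        code = int(lm.group("code"))
        rec["ldap"] = {"server": int(lm.group("server")), "code": code,
                       "text": lm.group("text"),
                       "name": RESULT_NAMES.get(code, "unknown")}
    return rec


def summarize(log_text):
    """Count LDAP failures per (server, result code); return (report, unparsed)."""
    totals = defaultdict(int)
    unparsed = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        if rec["ldap"] is None:
            continue
        key = (rec["ldap"]["server"], rec["ldap"]["code"])
        totals[key] += rec["repeats"]
    report = {}
    for (server, code), count in sorted(totals.items()):
        report[(server, code)] = {
            "count": count,
            "name": RESULT_NAMES.get(code, "unknown"),
            "hint": TRIAGE_HINTS.get(code, "look the code up in RFC 4511"),
        }
    return report, unparsed


if __name__ == "__main__":
    report, bad = summarize(SAMPLE_LOG)
    for (server, code), info in report.items():
        print(f"LDAP server {server}: {info['count']}x result {code} "
              f"({info['name']}) -> {info['hint']}")
    print(f"unparsed lines: {bad}")
```

Run it as a script for the sample, or feed `summarize()` the text of the controller's message log. The counts are what the controller reports, since the Q_IND summary lines carry their own "occurred N times" figure, so treat them as reported occurrences rather than a precise per-attempt record.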