LDAP issues with 5508 WLC

mukka
Level 1

I have deployed two WLANs with two LDAP servers and a different OU configuration in each LDAP.

WLC5508 software 7.2.110

wlan id 1 is set to LDAP server1

wlan id 4 is set to LDAP server2

tests

user server1 connect to wlan1

user server1 connect to wlan4    - this should not happen

user server2 connect to wlan4

user server2 connect to wlan1    - this should not happen

This scenario already works fine on a WLC 4400 with software 7.0.116.

Has anyone already had a similar problem?

thanks,

Murilo Cavallini

5 Replies

mukka
Level 1

The correct WLAN and LDAP mapping:

wlan id 1 is set to LDAP server2

wlan id 4 is set to LDAP server1

tests

user on server1 connect to wlan4

user on server1 connect to wlan1    - this should not happen

user on server2 connect to wlan4

user on server2 connect to wlan1    - this should not happen

Is the WLC skipping the primary LDAP and hitting the global entry, or under what condition does it hit the other LDAP?

Are you using internal/external or no RADIUS?

Unlike RADIUS, LDAP doesn't have a configurable fallback or a way to lock an LDAP server to a WLAN.

Can you share the debugs for LDAP?

We are using external LDAP.
This issue is intermittent in my scenario. Sometimes it works, and at other times I have this issue.

Attached logs; I removed only the OU names.

Do you have any suggestion about this issue?

thanks and best regards,

wlan id 1 is set to LDAP server2

wlan id 4 is set to LDAP server1

tests

user on server1 connect to wlan4

user on server1 connect to wlan1    - this should not happen

user on server2 connect to wlan4    - THIS SHOULDN'T HAPPEN, actually.

user on server2 connect to wlan1

Can you split the LDAP server config on the WLC using a different config for server 1 and 2, and/or make users unavailable on one or the other server?

Both databases are created on the same AD, but this server has 2 network interfaces.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------

wlan1 is set to LDAP Server2: IP address 10.19.198.254

show ldap 2

Server Index..................................... 2

Address.......................................... 10.19.198.254

Port............................................. 389

Enabled.......................................... Yes

User DN.......................................... OU=Convidados,DC=wlan,DC=tvg,DC=com,DC=BR

User Attribute................................... sAMAccountName

User Type........................................ Person

Retransmit Timeout............................... 2 seconds

Bind Method ..................................... Anonymous


-----------------------------------------------------------------------------------------------------------------------------------------------------------------------

wlan4 is set to LDAP Server1: IP address 10.19.198.176

show ldap 1

Server Index..................................... 1

Address.......................................... 10.19.198.176

Port............................................. 389

Enabled.......................................... Yes

User DN.......................................... OU=Mobile,DC=wlan,DC=tvg,DC=com,DC=BR

User Attribute................................... sAMAccountName

User Type........................................ Person

Retransmit Timeout............................... 2 seconds

Bind Method ..................................... Anonymous

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------

This is the problem that I can see:

Auth. request is sent:

*LDAP DB Task 2: Oct 25 09:13:08.710: ldapAuthRequest [2] called lcapi_query base="OU=Convidados,DC=wlan,DC=tvg,DC=com,DC=BR"       type="Person" attr="sAMAccountName" user="didatagm" (rc = 32 - No such object)

Binding the user with the database:

*LDAP DB Task 1: Oct 25 09:13:08.716: Attempting user bind with username CN=didatagm,OU=Mobile,DC=wlan,DC=tvg,DC=com,DC=br

The WLC is sending the request for LDAP SERVER2 and is binding against LDAP SERVER1. This issue is occurring only sometimes.

thanks a lot.
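The mismatch the poster spots by eye (a query against one server's base DN followed by a bind with a DN under a different OU) can be checked mechanically over a WLC `debug aaa ldap` capture. The following is an added example, not code from the thread or from Cisco; it assumes the two line formats shown in the post and pairs a query with the next bind for the same username. The sample lines are constructed from the redacted lines above.

```python
import re

# Constructed sample of the two WLC LDAP debug lines quoted in the thread.
SAMPLE_DEBUG = """\
*LDAP DB Task 2: Oct 25 09:13:08.710: ldapAuthRequest [2] called lcapi_query base="OU=Convidados,DC=wlan,DC=tvg,DC=com,DC=BR"       type="Person" attr="sAMAccountName" user="didatagm" (rc = 32 - No such object)
*LDAP DB Task 1: Oct 25 09:13:08.716: Attempting user bind with username CN=didatagm,OU=Mobile,DC=wlan,DC=tvg,DC=com,DC=br
"""

# Search request: captures the LDAP server index, the configured base DN and the username.
QUERY_RE = re.compile(r'ldapAuthRequest \[(\d+)\] called lcapi_query base="([^"]+)".*?user="([^"]+)"')
# Bind attempt: captures the full bind DN, its CN and the parent DN (the OU the user was found in).
BIND_RE = re.compile(r'Attempting user bind with username (CN=([^,]+),(.+))$')


def dn_components(dn):
    # DNs are case-insensitive; normalise for comparison.
    return tuple(part.strip().lower() for part in dn.split(","))


def dn_is_under(dn, base):
    # True when `dn` sits somewhere below `base` (suffix match on the RDN list).
    d, b = dn_components(dn), dn_components(base)
    return len(d) > len(b) and d[-len(b):] == b


def find_base_mismatches(debug_text):
    """Report binds whose DN is not under the base the WLC queried for that user.

    Each finding carries the server index from the query line, so the operator
    can see which configured 'show ldap N' entry the request belonged to.
    """
    findings = []
    pending = {}  # username -> (server index, queried base DN)
    for line in debug_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            idx, base, user = m.groups()
            pending[user] = (int(idx), base)
            continue
        m = BIND_RE.search(line)
        if m and m.group(2) in pending:
            idx, base = pending.pop(m.group(2))
            if not dn_is_under(m.group(1), base):
                findings.append({"user": m.group(2), "server_index": idx,
                                 "queried_base": base, "bind_dn": m.group(1)})
    return findings


if __name__ == "__main__":
    for f in find_base_mismatches(SAMPLE_DEBUG):
        print(f"user {f['user']}: queried server {f['server_index']} base "
              f"{f['queried_base']} but bound as {f['bind_dn']}")
```

Run it over the full debug capture rather than the two sample lines; a clean run (no findings) means every bind landed under the base DN of the server the WLAN is mapped to.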
