12-19-2011 08:29 AM - edited 07-03-2021 09:16 PM
Hi All,
We are attempting to use LDAP for web authentication on a WLC 4402.
We followed several articles to no avail:
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a03e09.shtml#C2
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a03e09.shtml
You are able to connect to the SSID and it redirects you to the login page as it should. When you enter your username and password you get a message that "the username and password combination you have entered is invalid." Based on the following log it looks like the LDAP bind is the issue.
*LDAP DB Task 1: Dec 19 11:19:26.584: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
We are able to test the following configuration with ldp.exe successfully:
Server: ***.***.***.***
Port Number: 389
Bind Username: CiscoBYOT
Bind Password: ***
User Base DN: OU=Students,DC=domain,DC=local
I tried running a debug on the WLC but I didn't see anything useful:
Cisco Controller) >*LDAP DB Task 1: Dec 16 15:45:02.276: ldapInitAndBind [1] configured Method Authenticated lcapi_bind (rc = 1005 - LDAP bind failed)
*LDAP DB Task 1: Dec 16 15:45:02.276: ldapClose [1] called lcapi_close (rc = 0 - Success)
*LDAP DB Task 1: Dec 16 15:45:02.276: LDAP server 1 changed state to IDLE
*LDAP DB Task 1: Dec 16 15:45:02.276: LDAP server 1 changed state to RETRY
*LDAP DB Task 1: Dec 16 15:45:02.277: LDAP_OPT_REFERRALS = -1
*LDAP DB Task 1: Dec 16 15:45:02.277: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)
*LDAP DB Task 1: Dec 16 15:45:32.278: ldapInitAndBind [1] configured Method Authenticated lcapi_bind (rc = 1005 - LDAP bind failed)
*LDAP DB Task 1: Dec 16 15:45:32.278: ldapClose [1] called lcapi_close (rc = 0 - Success)
*LDAP DB Task 1: Dec 16 15:45:32.278: LDAP server 1 changed state to IDLE
*LDAP DB Task 1: Dec 16 15:45:32.278: LDAP server 1 changed state to ERROR
*LDAP DB Task 1: Dec 16 15:45:37.271: ldapTask [1] received msg 'TIMER' (1) in state 'ERROR' (5)
*LDAP DB Task 1: Dec 16 15:45:37.271: LDAP server 1 changed state to IDLE
*LDAP DB Task 1: Dec 16 15:45:37.271: LDAP server 1 changed state to INIT
*LDAP DB Task 1: Dec 16 15:45:37.271: LDAP_OPT_REFERRALS = -1
Any help to figure out what I missed would be greatly appreciated!
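As an added example (not part of the thread), a small Python helper that summarizes WLC LDAP debug output in the format quoted above: it counts lcapi_bind failures per server, records the configured bind method and the rc reason text, and tracks the state transitions so a repeated RETRY/ERROR cycle stands out. The sample lines are constructed in the same format as the post's output.

```python
import re
from collections import defaultdict

# Constructed sample in the same format as the WLC "debug aaa ldap" output above.
SAMPLE_DEBUG = """\
*LDAP DB Task 1: Dec 16 15:45:02.276: ldapInitAndBind [1] configured Method Authenticated lcapi_bind (rc = 1005 - LDAP bind failed)
*LDAP DB Task 1: Dec 16 15:45:02.276: ldapClose [1] called lcapi_close (rc = 0 - Success)
*LDAP DB Task 1: Dec 16 15:45:02.276: LDAP server 1 changed state to IDLE
*LDAP DB Task 1: Dec 16 15:45:02.276: LDAP server 1 changed state to RETRY
*LDAP DB Task 1: Dec 16 15:45:02.277: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)
*LDAP DB Task 1: Dec 16 15:45:32.278: ldapInitAndBind [1] configured Method Authenticated lcapi_bind (rc = 1005 - LDAP bind failed)
*LDAP DB Task 1: Dec 16 15:45:32.278: LDAP server 1 changed state to ERROR
"""

# Matches both "ldapInitAndBind [1] configured Method Authenticated lcapi_bind (rc = 1005 - LDAP bind failed)"
# and "ldapClose [1] called lcapi_close (rc = 0 - Success)".
CALL_RE = re.compile(
    r"(?P<func>\w+) \[(?P<srv>\d+)\] "
    r"(?:configured Method (?P<method>\w+) |called )"
    r"(?P<api>lcapi_\w+) \(rc = (?P<rc>\d+) - (?P<reason>[^)]*)\)"
)
STATE_RE = re.compile(r"LDAP server (?P<srv>\d+) changed state to (?P<state>\w+)")


def summarize_ldap_debug(text):
    """Per LDAP server id: bind method, number of failed binds, rc -> reason, state path."""
    servers = defaultdict(lambda: {"bind_method": None, "bind_failures": 0,
                                   "rc_reasons": {}, "states": []})
    for line in text.splitlines():
        m = CALL_RE.search(line)
        if m:
            s = servers[int(m.group("srv"))]
            rc = int(m.group("rc"))
            s["rc_reasons"][rc] = m.group("reason")
            if m.group("api") == "lcapi_bind":
                # A failing lcapi_bind is the controller's own bind account being
                # rejected; the end user's credentials have not been checked yet.
                s["bind_method"] = m.group("method")
                if rc != 0:
                    s["bind_failures"] += 1
            continue
        m = STATE_RE.search(line)
        if m:
            servers[int(m.group("srv"))]["states"].append(m.group("state"))
    for s in servers.values():
        s["final_state"] = s["states"][-1] if s["states"] else None
    return dict(servers)
```

Paste the controller's debug output into SAMPLE_DEBUG (or read it from a file) and inspect the returned dictionary; a non-zero bind_failures count with final_state ERROR points at the bind account, password or server reachability rather than at the user's password.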
12-21-2011 06:35 AM
Hi All,
I read an article that LDAP only works if your LDAP database returns passwords in clear text. Since we use Microsoft Active Directory, passwords are not in clear text. Instead I set up RADIUS authentication using PAP and it worked.
12-22-2011 11:09 AM
This is correct. CHAP for webauth and EAP methods using MSCHAPv2 are not supported with LDAP, by the way the DBs are working ...
+5 for posting the solution of your problem :-) It helps other people