
Web Auth using LDAP on WLC 4402

ajm349
Level 1

Hi All,

We are attempting to use LDAP for web authentication on a WLC 4402. 

We followed several articles to no avail:

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a03e09.shtml#C2

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a03e09.shtml

You are able to connect to the SSID and it redirects you to the login page as it should.  When you enter your username and password you get a message that "the username and password combination you have entered is invalid." Based on the following log it looks like the LDAP bind is the issue.

*LDAP DB Task 1: Dec 19 11:19:26.584: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).

We are able to test the following configuration with ldp.exe successfully,

Server: ***.***.***.***

Port Number: 389

Bind Username: CiscoBYOT

Bind Password: ***

User Base DN: OU=Students,DC=domain,DC=local

I tried running a debug on the WLC but I didn't see anything useful:

Cisco Controller) >*LDAP DB Task 1: Dec 16 15:45:02.276: ldapInitAndBind [1] configured Method Authenticated lcapi_bind (rc = 1005 - LDAP bind failed)
*LDAP DB Task 1: Dec 16 15:45:02.276: ldapClose [1] called lcapi_close (rc = 0 - Success)
*LDAP DB Task 1: Dec 16 15:45:02.276: LDAP server 1 changed state to IDLE
*LDAP DB Task 1: Dec 16 15:45:02.276: LDAP server 1 changed state to RETRY
*LDAP DB Task 1: Dec 16 15:45:02.277: LDAP_OPT_REFERRALS = -1

*LDAP DB Task 1: Dec 16 15:45:02.277: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)
*LDAP DB Task 1: Dec 16 15:45:32.278: ldapInitAndBind [1] configured Method Authenticated lcapi_bind (rc = 1005 - LDAP bind failed)
*LDAP DB Task 1: Dec 16 15:45:32.278: ldapClose [1] called lcapi_close (rc = 0 - Success)
*LDAP DB Task 1: Dec 16 15:45:32.278: LDAP server 1 changed state to IDLE
*LDAP DB Task 1: Dec 16 15:45:32.278: LDAP server 1 changed state to ERROR
*LDAP DB Task 1: Dec 16 15:45:37.271: ldapTask [1] received msg 'TIMER' (1) in state 'ERROR' (5)
*LDAP DB Task 1: Dec 16 15:45:37.271: LDAP server 1 changed state to IDLE
*LDAP DB Task 1: Dec 16 15:45:37.271: LDAP server 1 changed state to INIT
*LDAP DB Task 1: Dec 16 15:45:37.271: LDAP_OPT_REFERRALS = -1

Any help to figure out what I missed would be greatly appreciated! 

2 Replies

ajm349
Level 1

Hi All,

I read an article that LDAP only works if your LDAP database returns passwords in clear text.  Since we use Microsoft Active Directory, passwords are not in clear text.  Instead I set up RADIUS authentication using PAP and it worked. 

This is correct. CHAP for webauth and EAP methods using MSCHAPv2 are not supported with LDAP because of the way the DB works ...

+5 for posting the solution of your problem :-) It helps other people
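Why PAP works against Active Directory while CHAP does not, as an added illustration that is not code from this thread or from Cisco: a constructed bind-only directory (the only operation AD offers the WLC is a bind, it never returns the stored password) can verify a PAP password, but a CHAP-MD5 response (RFC 1994) can only be checked by a store that can hand back the user's cleartext secret. The DN, account and challenge are constructed sample values.

```python
"""Bind-only directory vs. challenge/response: PAP can be checked, CHAP cannot."""
import hashlib
from typing import Callable, Optional

# Constructed directory using the thread's user base DN; one sample account.
_DIRECTORY = {"CN=alice,OU=Students,DC=domain,DC=local": "S3cret!"}

def ldap_simple_bind(dn: str, password: str) -> bool:
    """Simulated LDAP simple bind: succeed only when the password matches."""
    return _DIRECTORY.get(dn) == password

def directory_password_lookup(dn: str) -> Optional[str]:
    """What an AD-style directory returns when asked for a cleartext password."""
    return None  # the attribute is never readable, only usable in a bind

def cleartext_store_lookup(dn: str) -> Optional[str]:
    """A store that keeps reversible/cleartext passwords, which CHAP requires."""
    return _DIRECTORY.get(dn)

def chap_md5_response(identifier: int, secret: str, challenge: bytes) -> bytes:
    """RFC 1994 CHAP-MD5: Response = MD5(Identifier || Secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()

def verify_pap(dn: str, password: str) -> bool:
    """PAP carries the password itself, so the NAS can simply bind with it."""
    return ldap_simple_bind(dn, password)

def verify_chap(dn: str, identifier: int, challenge: bytes, response: bytes,
                lookup: Callable[[str], Optional[str]]) -> Optional[bool]:
    """True/False when the secret is available; None when the backing store
    cannot supply it, which is the LDAP situation the replies describe."""
    secret = lookup(dn)
    if secret is None:
        return None
    return chap_md5_response(identifier, secret, challenge) == response

if __name__ == "__main__":
    dn = "CN=alice,OU=Students,DC=domain,DC=local"
    challenge = bytes.fromhex("0102030405060708")  # constructed; normally random
    resp = chap_md5_response(7, "S3cret!", challenge)  # what the client would send
    print("PAP via bind        :", verify_pap(dn, "S3cret!"))
    print("CHAP via bind-only  :", verify_chap(dn, 7, challenge, resp, directory_password_lookup))
    print("CHAP via cleartext  :", verify_chap(dn, 7, challenge, resp, cleartext_store_lookup))
```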
