cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1357
Views
0
Helpful
4
Replies
Highlighted
Beginner

WLC-5508 Problem with AD (win2003) - rc = 1005 - LDAP bind failed

Hi, I am having problems with my WLC to connect in my LDAP (ActiveDirectory).

I have 3 interfaces in the controller:

- Management  (vlan709): 10.41.200.253

- lan (vlan 1): 190.1.1.123

- guest (vlan 708): 10.41.222.253

My LDAP server is: 190.1.1.22

The controller could ping the LDAP Server. And LDAP Server ping WLC too.

When the controller try to connect in the LDAP server, return this on debug:

ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).

*LDAP DB Task 1: Oct 29 15:11:16.924: %AAA-3-LDAP_CONNECT_SERVER_FAILED:

*LDAP DB Task 1: Oct 29 15:10:52.932: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)

*LDAP DB Task 1: Oct 29 15:10:54.932: ldapInitAndBind [1] configured Method Authenticated lcapi_bind (rc = 1005 - LDAP bind failed)

*LDAP DB Task 1: Oct 29 15:10:54.932: ldapClose [1] called lcapi_close (rc = 0 - Success)

*LDAP DB Task 1: Oct 29 15:10:54.933: LDAP server 1 changed state to IDLE

*LDAP DB Task 1: Oct 29 15:10:54.933: LDAP server 1 changed state to RETRY

*LDAP DB Task 1: Oct 29 15:10:54.933: LDAP_OPT_REFERRALS = -1

Someone could help me please?

Thanks

4 REPLIES 4
Highlighted
Cisco Employee

Per Best practice keep the LDAP server on Management vlan or on vlan that is not part of dynamic vlan interface of wlc.

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a03e09.shtml

Highlighted

Hello Saravanan, thanks for your reply.

But because our environment, I can not put in vlan management. I need to be on a separate VLAN, it will not work well?

Highlighted

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a0080810880.shtml

It is important to avoid configuring a dynamic interface in the same sub network as a server that has to be reachable by the controller CPU, for example a RADIUS server, as it might cause asymmetric routing issues.

Highlighted

Thanks for your reply.

unfortunately I can not change my environment at the moment. I'll need to think of something to solve the problem with my current scenario, using the AD in a dynamic interface.
But various tests failed.