10-04-2022 09:34 PM - edited 10-04-2022 09:36 PM
Hi,
We need to integrate our WLC 9800 with LDAP in secure mode on port 636.
This is to authenticate our clients when connecting to the SSID, where they enter their domain credentials.
We have finished the steps below:
1- Got the root cert from the Microsoft team, then I trusted it.
2- Generated a CSR, then had it signed by the Microsoft team's CA server with the web server template and base-64 encoding, then we imported it into the WLC.
3- Added the LDAP server on the WLC [with IP, port 636, user DN and base DN - but without attribute mapping, which I don't know if it is required or not, or what to use here].
4- Added an LDAP group that includes the LDAP server.
5- Added a method list for authentication with type = login, group type = group, and this includes the LDAP group.
6- Didn't create a method list for authorization, as I think it denied our access to log in to the WLC GUI, so I deleted it.
7- Edited the wireless LAN security settings: Layer 2 = none [open], Layer 3 with web policy checked, and selected both the auth parameter and the auth list configured before.
The problem is that when the client enters his domain credentials after connecting to the SSID, he gets the error [Authentication server is unavailable], and I see the error "auth failed, AAA server down" in the WLC log.
The client sees the WLC virtual IP, 192.0.2.1, on the login web page.
I checked "show ldap server all" on the WLC and found the state is ALIVE with the configured LDAP parameters [IP, port 636, user DN ...].
What am I missing here to get this to work?
Thanks
10-06-2022 08:35 AM
Have you followed https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/216744-configuring-catalyst-9800-wlc-with-ldap.html and https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-6/config-guide/b_wl_17_6_cg/m_secure_ldap.html ?
10-06-2022 08:47 AM