09-03-2021 02:52 PM
A direct connection with the client AD was enabled to correct a problem with the ACS, but it gives a credentials error.
It could be that the container is indicated incorrectly.
(Cisco Controller) >show ldap summary
Idx  Server Address             Port    Enabled  Secure  Bind
---  -------------------------  ------  -------  ------  ------------
1    10.3.0.15                  389     Yes      No      Authenticated
(Cisco Controller) >show ldap 1
Server Index..................................... 1
Address.......................................... 10.3.0.15
Port............................................. 389
Server State..................................... Enabled
User DN.......................................... CN=wifitest
User Attribute................................... sAMAccountName
User Type........................................ Person
Retransmit Timeout............................... 2 seconds
Secure (via TLS)................................. Disabled
Bind Method ..................................... Authenticated
Bind Username.................................... CN=Users,DC=*****,DC=cl
*LDAP DB Task 1: Sep 03 16:19:44.229: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)
*LDAP DB Task 1: Sep 03 16:19:44.246: ldapInitAndBind [1] configured Method Authenticated lcapi_bind (rc = 49 - Invalid credentials)
*LDAP DB Task 1: Sep 03 16:19:44.246: ldapClose [1] called lcapi_close (rc = 0 - Success)
*LDAP DB Task 1: Sep 03 16:19:44.246: LDAP server 1 changed state to IDLE
*LDAP DB Task 1: Sep 03 16:19:44.246: LDAP server 1 changed state to RETRY
*LDAP DB Task 1: Sep 03 16:19:44.246: LDAP_OPT_REFERRALS = -1
*LDAP DB Task 1: Sep 03 16:19:44.246: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)
*LDAP DB Task 1: Sep 03 16:19:44.264: ldapInitAndBind [1] configured Method Authenticated lcapi_bind (rc = 49 - Invalid credentials)
*LDAP DB Task 1: Sep 03 16:19:44.264: ldapClose [1] called lcapi_close (rc = 0 - Success)
*LDAP DB Task 1: Sep 03 16:19:44.264: LDAP server 1 changed state to IDLE
*LDAP DB Task 1: Sep 03 16:19:44.264: LDAP server 1 changed state to ERROR
*LDAP DB Task 1: Sep 03 16:19:44.264: Handling LDAP response Internal Error
*LDAP DB Task 1: Sep 03 16:19:44.264: Ldap server tried attempt 1
*LDAP DB Task 1: Sep 03 16:19:59.233: ldapTask [1] received msg 'TIMER' (1) in state 'ERROR' (5)
*LDAP DB Task 1: Sep 03 16:19:59.233: LDAP server 1 changed state to IDLE
09-03-2021 04:16 PM
This is definitely a configuration error on the WLC side. Could you please re-verify the credentials configured on the WLC side?
Refer to the thread below; it could be helpful for you.
09-05-2021 11:27 AM
Understanding the logic of the wifitest user, the following appears in the user's properties:
Member of:
Usuarios del dominio.. | clientx.cl/Users |
UsuariosWifi | clientx.cl/Admins Groups |
Based on the above, I would assume that, for the user wifitest, the Bind Username = wifitest and the password is that of this user.
Notice that the timeout in your example was 10, so modify it.
(Cisco Controller) >show ldap 1
Server Index..................................... 1
Address.......................................... 10.3.0.15
Port............................................. 389
Server State..................................... Enabled
User DN.......................................... CN=Users,DC=clientX,DC=cl
User Attribute................................... sAMAccountName
User Type........................................ Person
Retransmit Timeout............................... 10 seconds
Secure (via TLS)................................. Disabled
Bind Method ..................................... Authenticated
Bind Username.................................... wifitest
(Cisco Controller) >
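A small lint for the two `show ldap 1` outputs posted in this thread, added here as an example; it is not part of any poster's message and not Cisco tooling. It assumes that User DN is the search base and Bind Username is the account the controller binds as; the finding names are hypothetical and the masked domain component is replaced by the placeholder `example`.

```python
import re

# Constructed from the two "show ldap 1" outputs in the thread (relevant lines
# only); the masked domain component is replaced by the placeholder "example".
BEFORE = """\
User DN.......................................... CN=wifitest
Secure (via TLS)................................. Disabled
Bind Method ..................................... Authenticated
Bind Username.................................... CN=Users,DC=example,DC=cl
"""
AFTER = """\
User DN.......................................... CN=Users,DC=clientX,DC=cl
Secure (via TLS)................................. Disabled
Bind Method ..................................... Authenticated
Bind Username.................................... wifitest
"""

def parse_show_ldap(text):
    """Turn 'Key..... value' lines of the controller output into a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^(.*?)\s*\.{2,}\s*(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def lint(fields):
    """Return finding codes; the rules are heuristics assumed for this example."""
    findings = []
    user_dn = fields.get("User DN", "")
    bind_name = fields.get("Bind Username", "")
    # Assumption: "User DN" is the search base, so it should carry DC= components.
    if "DC=" not in user_dn.upper():
        findings.append("user-dn-not-a-search-base")
    # Assumption: a bind name whose first RDN is CN=Users or an OU names a
    # container rather than an account that can authenticate.
    if re.match(r"(?i)(CN=Users|OU=[^,]+),", bind_name):
        findings.append("bind-name-is-container")
    # An authenticated bind without TLS exposes the bind password on the wire.
    if (fields.get("Bind Method") == "Authenticated"
            and fields.get("Secure (via TLS)") == "Disabled"):
        findings.append("cleartext-bind")
    return findings

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, lint(parse_show_ldap(text)))
```

The second output still reports `cleartext-bind`, since both configurations use port 389 with TLS disabled.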