PaulReveco
Beginner

WLC to LDAP | Invalid credentials

A direct connection with the client AD was enabled to correct a problem with the ACS, but it gives a credentials error.

It could be that the container is wrongly indicated.

 

 

(Cisco Controller) >show ldap summary

Idx Server Address Port Enabled Secure Bind
--- ------------------------- ------ ------- ------ ------------
1 10.3.0.15 389 Yes No Authenticated

(Cisco Controller) >show ldap 1

Server Index..................................... 1
Address.......................................... 10.3.0.15
Port............................................. 389
Server State..................................... Enabled
User DN.......................................... CN=wifitest
User Attribute................................... sAMAccountName
User Type........................................ Person
Retransmit Timeout............................... 2 seconds
Secure (via TLS)................................. Disabled
Bind Method ..................................... Authenticated
Bind Username.................................... CN=Users,DC=*****,DC=cl

 

 


*LDAP DB Task 1: Sep 03 16:19:44.229: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)
*LDAP DB Task 1: Sep 03 16:19:44.246: ldapInitAndBind [1] configured Method Authenticated lcapi_bind (rc = 49 - Invalid credentials)
*LDAP DB Task 1: Sep 03 16:19:44.246: ldapClose [1] called lcapi_close (rc = 0 - Success)
*LDAP DB Task 1: Sep 03 16:19:44.246: LDAP server 1 changed state to IDLE
*LDAP DB Task 1: Sep 03 16:19:44.246: LDAP server 1 changed state to RETRY
*LDAP DB Task 1: Sep 03 16:19:44.246: LDAP_OPT_REFERRALS = -1

*LDAP DB Task 1: Sep 03 16:19:44.246: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)
*LDAP DB Task 1: Sep 03 16:19:44.264: ldapInitAndBind [1] configured Method Authenticated lcapi_bind (rc = 49 - Invalid credentials)
*LDAP DB Task 1: Sep 03 16:19:44.264: ldapClose [1] called lcapi_close (rc = 0 - Success)
*LDAP DB Task 1: Sep 03 16:19:44.264: LDAP server 1 changed state to IDLE
*LDAP DB Task 1: Sep 03 16:19:44.264: LDAP server 1 changed state to ERROR
*LDAP DB Task 1: Sep 03 16:19:44.264: Handling LDAP response Internal Error
*LDAP DB Task 1: Sep 03 16:19:44.264: Ldap server tried attempt 1
*LDAP DB Task 1: Sep 03 16:19:59.233: ldapTask [1] received msg 'TIMER' (1) in state 'ERROR' (5)
*LDAP DB Task 1: Sep 03 16:19:59.233: LDAP server 1 changed state to IDLE

 

 


 

 

2 REPLIES
Arshadsaf
Collaborator

This is definitely a configuration error on the WLC side; could you please re-verify the credentials configured on the WLC side?

Refer to the thread below; it could be helpful for you:

https://community.cisco.com/t5/wireless-mobility-documents/how-to-configure-wireless-lan-controller-wlc-for-lightweight/ta-p/3128687

 

______________
Arshad Safrulla

Understanding the logic of the wifitest user, the following appears in the user's properties:

 

Member of:

Usuarios del dominio    clientx.cl/Users
UsuariosWifi            clientx.cl/Admins Groups

 

Based on the above, I would assume that, for the user wifitest, the Bind Username = wifitest and the password is that of this user.

 

Notice that the timeout in your example was 10, so modify it.

(Cisco Controller) >show ldap 1

Server Index..................................... 1
Address.......................................... 10.3.0.15
Port............................................. 389
Server State..................................... Enabled
User DN.......................................... CN=Users,DC=clientX,DC=cl
User Attribute................................... sAMAccountName
User Type........................................ Person
Retransmit Timeout............................... 10 seconds
Secure (via TLS)................................. Disabled
Bind Method ..................................... Authenticated
Bind Username.................................... wifitest

(Cisco Controller) >
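
Added example (not part of the thread and not Cisco tooling): a small Python audit of the `show ldap 1` fields quoted in the two posts above. It assumes User DN is the subtree searched for users and Bind Username is the account the controller binds as; the finding names and the container heuristic are hypothetical.

```python
import re

# Fields copied from the `show ldap 1` output in the first post and in the revised reply.
ORIGINAL = """\
Server Index..................................... 1
Port............................................. 389
User DN.......................................... CN=wifitest
Secure (via TLS)................................. Disabled
Bind Method ..................................... Authenticated
Bind Username.................................... CN=Users,DC=*****,DC=cl
"""
REVISED = """\
Server Index..................................... 1
Port............................................. 389
User DN.......................................... CN=Users,DC=clientX,DC=cl
Secure (via TLS)................................. Disabled
Bind Method ..................................... Authenticated
Bind Username.................................... wifitest
"""

def parse_show_ldap(text):
    """Turn 'Key........ value' lines into a dict keyed by the field label."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^(.+?)\s*\.{3,}\s*(.*)$", line)
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields

def audit(fields):
    """Return finding codes. The DN checks are heuristics (assumptions), not Cisco rules."""
    findings = []
    authenticated = fields.get("Bind Method", "").lower() == "authenticated"
    if authenticated and fields.get("Secure (via TLS)", "").lower() == "disabled":
        # A simple bind without TLS puts the bind password on the wire unencrypted.
        findings.append("CLEARTEXT_BIND")
    # A search base has to be a full DN, so it must carry domain components.
    if "DC=" not in fields.get("User DN", "").upper():
        findings.append("USER_DN_NOT_A_SEARCH_BASE")
    # The bind identity must be an account, not a container or OU.
    rdn = fields.get("Bind Username", "").split(",")[0].strip().upper()
    if authenticated and (rdn in ("CN=USERS", "CN=COMPUTERS") or rdn.startswith(("OU=", "DC="))):
        findings.append("BIND_USERNAME_IS_CONTAINER")
    return findings

if __name__ == "__main__":
    for name, text in (("original", ORIGINAL), ("revised", REVISED)):
        print(name, audit(parse_show_ldap(text)))
```

The revised settings clear both DN findings, but the cleartext-bind finding remains while Secure (via TLS) is Disabled on port 389.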
