WLC Local EAP & LDAP authentication

chevymannie
Level 1

I'm trying to get an SSID to authenticate users using local EAP with LDAP. The customer doesn't want to use a RADIUS server. I've got the LDAP server configured, and when I do a debug aaa ldap enable I can see a successful bind, but the authentication fails. I get the following error:

*LDAP DB Task 1: May 12 14:44:50.714: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)
*LDAP DB Task 1: May 12 14:44:50.717: ldapInitAndBind [1] configured Method Authenticated lcapi_bind (rc = 0 - Success)
*LDAP DB Task 1: May 12 14:44:50.717: LDAP server 1 changed state to CONNECTED
*LDAP DB Task 1: May 12 14:44:50.717: disabled LDAP_OPT_REFERRALS

*LDAP DB Task 1: May 12 14:44:50.717: LDAP_CLIENT: UID Search (base=OU=Departments,DC=mydomain,DC=com, pattern=(&(objectclass=Person)(sAMAccountName=user@mydomain.com)))
*LDAP DB Task 1: May 12 14:44:50.718: LDAP_CLIENT: ldap_search_ext_s returns 0 -5
*LDAP DB Task 1: May 12 14:44:50.718: LDAP_CLIENT: Returned 1 msgs including 0 references
*LDAP DB Task 1: May 12 14:44:50.718: LDAP_CLIENT: Returned msg 1 type 0x65
*LDAP DB Task 1: May 12 14:44:50.718: LDAP_CLIENT : No matched DN
*LDAP DB Task 1: May 12 14:44:50.718: LDAP_CLIENT : Check result error 0 rc 1013
*LDAP DB Task 1: May 12 14:44:50.718: LDAP_CLIENT: Received no referrals in search result msg
*LDAP DB Task 1: May 12 14:44:50.718: LDAP_CLIENT: Received 1 attributes in search result msg
*LDAP DB Task 1: May 12 14:44:50.718: ldapAuthRequest [1] 172.16.4.30 - 389 called lcapi_query base="OU=Departments,DC=mydomain,DC=com" type="Person" attr="sAMAccountName" user="user@mydomain.com" (rc = 0 - Success)
*LDAP DB Task 1: May 12 14:44:50.718: Handling LDAP response Authentication Failed
*LDAP DB Task 1: May 12 14:44:50.718: Authenticated bind : Closing the binded session

We've verified the credentials and tried all of the options in the EAP profile. Anyone have this working that can help out? Is there something else specific I need to do on the client side?

1 Reply

mohanak
Cisco Employee

Scenario 16: Client authentication failed on LDAP

Debug run

debug aaa ldap enable

*LDAP DB Task 1: Feb 07 17:19:46.535: LDAP_CLIENT: Received no referrals in search result msg 
*LDAP DB Task 1: Feb 07 17:19:46.535: LDAP_CLIENT: Received 1 attributes in search result msg 
*LDAP DB Task 1: Feb 07 17:19:46.535: ldapAuthRequest [1] called lcapi_query base="CN=Users,DC=gceaaa,DC=com" type="person" attr="sAMAccountName" user="ish" (rc = 0 - Success) 
*LDAP DB Task 1: Feb 07 17:19:46.535: Handling LDAP response Authentication Failed //Failed auth
*LDAP DB Task 1: Feb 07 17:19:46.536: Authenticated bind : Closing the binded session

Workaround

Check LDAP server for reject reasons.

http://www.cisco.com/c/en/us/support/docs/wireless/5508-wireless-controller/200072-Cheat-Sheet-Common-Wireless-issues.html#anc18
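Both the original poster's debug and the cheat-sheet excerpt above end on the same line, "Handling LDAP response Authentication Failed", and the suggested workaround is to go to the LDAP server for the reject reason. Before doing that, the WLC debug itself already distinguishes two cases: the bind with the configured bind DN failing, versus the bind succeeding and the user search returning no entry. The following Python script is an added example, not code from the thread or from Cisco: it parses the debug lines the poster showed (embedded below as a constructed sample, trimmed to the lines the parser reads) and reports which case applies. The lookup of the user object is a plain LDAP search, so the decisive signal is whether a SearchResultEntry (protocol tag 0x64) came back before the SearchResultDone (0x65); in the poster's output only the 0x65 message is returned. The `userPrincipalName` hint is a heuristic this example adds on its own (an identity with '@' is the UPN form, which Active Directory stores in `userPrincipalName`, not `sAMAccountName`), not something the thread states.

```python
import re

# Constructed sample: the "debug aaa ldap enable" lines from the first post, trimmed to the ones
# this parser reads. The line formats are exactly as the thread shows them.
SAMPLE_DEBUG = """\
*LDAP DB Task 1: May 12 14:44:50.714: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)
*LDAP DB Task 1: May 12 14:44:50.717: ldapInitAndBind [1] configured Method Authenticated lcapi_bind (rc = 0 - Success)
*LDAP DB Task 1: May 12 14:44:50.717: LDAP server 1 changed state to CONNECTED
*LDAP DB Task 1: May 12 14:44:50.717: LDAP_CLIENT: UID Search (base=OU=Departments,DC=mydomain,DC=com, pattern=(&(objectclass=Person)(sAMAccountName=user@mydomain.com)))
*LDAP DB Task 1: May 12 14:44:50.718: LDAP_CLIENT: Returned 1 msgs including 0 references
*LDAP DB Task 1: May 12 14:44:50.718: LDAP_CLIENT: Returned msg 1 type 0x65
*LDAP DB Task 1: May 12 14:44:50.718: LDAP_CLIENT : No matched DN
*LDAP DB Task 1: May 12 14:44:50.718: LDAP_CLIENT : Check result error 0 rc 1013
*LDAP DB Task 1: May 12 14:44:50.718: ldapAuthRequest [1] 172.16.4.30 - 389 called lcapi_query base="OU=Departments,DC=mydomain,DC=com" type="Person" attr="sAMAccountName" user="user@mydomain.com" (rc = 0 - Success)
*LDAP DB Task 1: May 12 14:44:50.718: Handling LDAP response Authentication Failed
"""

BIND_RE = re.compile(r"lcapi_bind \(rc = (?P<rc>\d+) - \w+\)")
SEARCH_RE = re.compile(r"UID Search \(base=(?P<base>.+?), pattern=(?P<filter>.+)\)\s*$")
MSG_RE = re.compile(r"Returned msg \d+ type 0x(?P<tag>[0-9a-fA-F]+)")
CHECK_RE = re.compile(r"Check result error (?P<err>\d+) rc (?P<rc>\d+)")
QUERY_RE = re.compile(r'lcapi_query base="(?P<base>[^"]*)" type="(?P<type>[^"]*)" '
                      r'attr="(?P<attr>[^"]*)" user="(?P<user>[^"]*)"')
RESULT_RE = re.compile(r"Handling LDAP response (?P<result>.+?)\s*(//.*)?$")

# LDAP protocol op tags (RFC 4511): SearchResultEntry is [APPLICATION 4] = 0x64,
# SearchResultDone is [APPLICATION 5] = 0x65.
SEARCH_RESULT_ENTRY = 0x64


def analyze(debug_text):
    """Summarise one local-EAP LDAP authentication attempt from WLC debug output."""
    info = {"bind_ok": None, "base": None, "filter": None, "attr": None, "user": None,
            "entries": 0, "search_error": None, "result": None, "hints": []}
    for line in debug_text.splitlines():
        if m := BIND_RE.search(line):
            info["bind_ok"] = m.group("rc") == "0"       # bind with the configured bind DN
        elif m := SEARCH_RE.search(line):
            info["base"], info["filter"] = m.group("base"), m.group("filter")
        elif m := MSG_RE.search(line):
            if int(m.group("tag"), 16) == SEARCH_RESULT_ENTRY:
                info["entries"] += 1                    # a user object actually came back
        elif m := CHECK_RE.search(line):
            info["search_error"] = int(m.group("err"))  # LDAP resultCode of the search, 0 = success
        elif m := QUERY_RE.search(line):
            info["attr"], info["user"] = m.group("attr"), m.group("user")
        elif m := RESULT_RE.search(line):
            info["result"] = m.group("result")
    info["hints"] = _hints(info)
    return info


def _hints(info):
    hints = []
    if info["bind_ok"] is False:
        hints.append("Bind with the configured bind DN/password failed; fix the LDAP server "
                     "credentials on the WLC before looking at the user lookup.")
        return hints
    if info["search_error"] == 0 and info["entries"] == 0:
        hints.append("Bind succeeded and the search completed with resultCode 0, but no "
                     "SearchResultEntry (0x64) came back: no object below %r has %s=%r."
                     % (info["base"], info["attr"], info["user"]))
        # Heuristic (an assumption of this example, not stated in the thread): an identity
        # containing '@' is in UPN form, which AD stores in userPrincipalName; sAMAccountName
        # holds only the bare logon name, so a filter on it with a UPN value matches nothing.
        if info["user"] and "@" in info["user"] and (info["attr"] or "").lower() == "samaccountname":
            hints.append("Identity %r is in UPN form but the filter attribute is sAMAccountName; "
                         "search on userPrincipalName or have the supplicant send the bare "
                         "username." % info["user"])
    elif info["entries"] > 0 and info["result"] and "Failed" in info["result"]:
        hints.append("The user object was found, so the failure is in the credential check; "
                     "look at the LDAP server's own log for the reject reason.")
    return hints


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_DEBUG).items():
        print(f"{key}: {value}")
```

Run it as-is to see the summary for the poster's debug; to use it on your own controller, paste the output of `debug aaa ldap enable` into `SAMPLE_DEBUG` or read it from a file. The "No matched DN" line is deliberately not used as a signal: the matchedDN field of an LDAP result is normally empty on success as well, so it says nothing about whether an entry was found.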
