WLC and LDAP.

Rafael Jimenez
Level 4

I have a problem with an LDAP connection on a 2112 WLC.

I have a WLC that suddenly stopped working with the LDAP integration for web auth.

I checked that the Base DN, the bind user and the bind password are fine. Nothing changed.

It was working for years, but a few days ago the integration stopped working.

I suspect the problem is on the Windows side.

The customer said they did not make any changes on the Windows Domain Controller.

No firewall, no blocked ports, etc. The WLC and the LDAP server (Windows DC) are in the same subnet.

I need to make sure that the LDAP service is working on the Windows side. What are the requirements for the bind user?

What tool can help me with this?

Thanks.

PS.

The message in the console is the following:

*LDAP DB Task 2: Jun 05 10:33:13.795: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 2, reason: 1005 (LDAP bind failed).

*LDAP DB Task 1: Jun 05 10:33:16.994: %LOG-3-Q_IND: ldap_db.c:1038 Could not connect to LDAP server 2, reason: 1005 (LDAP bind failed).[...It occurred 2 times.!]

*LDAP DB Task 1: Jun 05 10:33:16.994: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 49 (Invalid credentials).

*LDAP DB Task 2: Jun 05 10:33:18.794: %LOG-3-Q_IND: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 49 (Invalid credentials).[...It occurred 2 times.!]

5 Replies

Amjad Abdullah
VIP Alumni

Actually, the problem appears to be that your WLC is not able to connect to the AD.

See that:

*LDAP DB Task 1: Jun 05 10:33:16.994: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 49 (Invalid credentials).

It obviously mentions invalid credentials. Please double-check the username credentials. Write them again on the WLC if needed.

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"

Thanks Amjad,

The credentials are fine. I checked that. I tested it by logging in to Active Directory. The credentials never expire.

As I mentioned, it was working for years and suddenly stopped. I am sure the problem is on the Windows AD side, but I need something to prove it to the customer.

Well, it does not necessarily mean that the credentials are incorrect, but the WLC at least does not see them as correct.

I would again suggest you re-enter the credentials in the WLC LDAP configuration.

Try using simple bind and test if it works.

Make sure that the correct LDAP server is selected for the configuration.

Also, try to check from the Windows side why the auth request was refused, which gives you a more accurate picture of why it fails.

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"

Dude, simple bind won't work with AD by default.

Only authenticated binding works with AD by default.

For Raf: the requirement for the bind user is the capability to read everything to be authenticated from AD.

For more about how AD LDAP works, check the following link:

http://technet.microsoft.com/en-us/library/cc755809%28v=ws.10%29.aspx

--------------------------------------------------------------------------------------

Please don't forget to rate correct answers.

You are right. Anonymous bind is not allowed by default with Active Directory, but the config example describes how to enable it.

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a03e09.shtml

It is always more secure to use authenticated bind. Anonymous bind should only be used for testing purposes.

HTH

Amjad


Rating useful replies is more useful than saying "Thank you"
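The original question asks for a tool to prove from the Windows side whether the bind fails, and the replies argue over "simple" (anonymous) versus authenticated bind. The following is an added example, not code from the thread or from Cisco: a dependency-free Python script that sends the same LDAPv3 simple bind the WLC sends in "Authenticated" mode (bind DN plus password, RFC 4511) and decodes the BindResponse. The point it demonstrates is that the WLC's "reason: 49 (Invalid credentials)" hides the actual cause: AD puts a Win32 logon sub-code in the diagnostic message ("AcceptSecurityContext error, data 52e"), which distinguishes a wrong password from an expired password, a locked-out or disabled account, and so on. The other log line's "reason: 1005" is a WLC-side code, not an LDAP protocol result code. The host name, bind DN, password and the AD-style failure message in `main` are constructed placeholders; the BER encoder covers only what a bind needs.

```python
"""Minimal LDAPv3 simple bind tester (RFC 4511) with AD sub-code decoding.

Added example for diagnosing WLC "LDAP bind failed / invalid credentials"
errors against an Active Directory DC.  Standard library only.
"""
import re
import socket
from dataclasses import dataclass


# ---- minimal BER: just enough for an LDAP bind -----------------------------
def _ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(body)) + body


def _ber_int(value: int, tag: int = 0x02) -> bytes:
    """INTEGER (0x02) or ENUMERATED (0x0a) in minimal two's complement."""
    return _tlv(tag, value.to_bytes(value.bit_length() // 8 + 1, "big", signed=True))


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value bytes, position just after this TLV)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                       # long-form length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


# ---- LDAP messages ----------------------------------------------------------
def bind_request(msg_id: int, bind_dn: str, password: str) -> bytes:
    """LDAPMessage{messageID, BindRequest{version 3, name, simple[0] password}}.

    Empty DN and password = anonymous bind (refused by AD by default).  The
    password is sent in clear text on port 389: test from a trusted host only,
    and use LDAPS/StartTLS for the real WLC integration where possible.
    """
    bind = _tlv(0x60, _ber_int(3)                  # [APPLICATION 0] BindRequest
                + _tlv(0x04, bind_dn.encode())     # name: LDAPDN
                + _tlv(0x80, password.encode()))   # authentication: simple [0]
    return _tlv(0x30, _ber_int(msg_id) + bind)     # LDAPMessage SEQUENCE


def bind_response(msg_id: int, result_code: int, diagnostic: str, matched_dn: str = "") -> bytes:
    """Server side of the exchange: encode a BindResponse (used here to build
    a constructed AD-style failure so the decoder can be exercised offline)."""
    resp = _tlv(0x61, _ber_int(result_code, 0x0A)  # [APPLICATION 1] BindResponse
                + _tlv(0x04, matched_dn.encode())  # matchedDN
                + _tlv(0x04, diagnostic.encode())) # diagnosticMessage
    return _tlv(0x30, _ber_int(msg_id) + resp)


@dataclass
class BindResult:
    msg_id: int
    result_code: int
    matched_dn: str
    diagnostic: str


def parse_bind_response(data: bytes) -> BindResult:
    tag, msg, _ = _read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = _read_tlv(msg, 0)
    tag, op, _ = _read_tlv(msg, pos)
    if tag != 0x61:
        raise ValueError("not a BindResponse (tag 0x%02x)" % tag)
    _, rc, pos = _read_tlv(op, 0)
    _, mdn, pos = _read_tlv(op, pos)
    _, diag, _ = _read_tlv(op, pos)
    return BindResult(int.from_bytes(mid, "big", signed=True),
                      int.from_bytes(rc, "big", signed=True),
                      mdn.decode(errors="replace"), diag.decode(errors="replace"))


# AD answers every logon problem with resultCode 49; the real reason is the
# hex Win32 error in the "data NNN" field of its diagnostic message.
AD_DATA_CODES = {
    "525": "user not found",
    "52e": "ERROR_LOGON_FAILURE: unknown user name or bad password",
    "530": "logon hours restriction",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "password must be changed at next logon",
    "775": "account locked out",
}


def explain(result: BindResult) -> str:
    """One line to show the AD admin instead of the WLC's bare 'reason: 49'."""
    if result.result_code == 0:
        return "bind OK"
    if result.result_code == 49:
        m = re.search(r"data ([0-9a-fA-F]+)", result.diagnostic)
        sub = AD_DATA_CODES.get(m.group(1).lower(), "unknown AD sub-code") if m else "no AD sub-code"
        return f"invalidCredentials (49): {sub}"
    return f"LDAP result {result.result_code}: {result.diagnostic or 'no diagnostic'}"


def ldap_bind(host: str, bind_dn: str, password: str, port: int = 389, timeout: float = 5.0) -> str:
    """Send one simple bind to the DC and return explain() of its answer."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(bind_request(1, bind_dn, password))
        data = s.recv(4096)
    return explain(parse_bind_response(data))


if __name__ == "__main__":
    # Constructed AD-style failure (placeholder DSID/version values), not a real capture.
    sample = bind_response(1, 49, "80090308: LdapErr: DSID-0C09042F, comment: "
                                  "AcceptSecurityContext error, data 52e, v2580")
    print(explain(parse_bind_response(sample)))
    # Live test against a DC (placeholder names):
    # print(ldap_bind("dc01.example.local", "CN=wlc-bind,OU=Service Accounts,DC=example,DC=local", "..."))
```

Run it once with the WLC's exact bind DN and password from a host in the same subnet; a "data 532/773/775" answer (expired password, forced change, lockout) is the evidence the poster wants for the customer, while a plain "52e" means the DN or password the WLC holds really does not match what the DC expects. Compare with the DC's Security log (logon failure events for the bind account) for the same timestamp.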