WLC and LDAP.

Unanswered Question
Jun 6th, 2012

I have a problem with an LDAP connection on a 2112 WLC.

I have a WLC that suddenly stopped working with the LDAP integration for webauth.

I checked that the Base DN, the bind user and the bind password are fine. Nothing changed.

It was working for years, but a few days ago the integration stopped working.

I suspect the problem is on the Windows side.

The customer said that they did not make any changes on the Windows Domain Controller.

No firewall, no blocked port, etc. The WLC and the LDAP server (Windows DC) are in the same subnet.

I need to make sure that the LDAP service is working on the Windows side. What are the requirements for the bind user?

What tool can help me with this?

Thanks.

PS.

The message in the console is the following:

*LDAP DB Task 2: Jun 05 10:33:13.795: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 2, reason: 1005 (LDAP bind failed).

*LDAP DB Task 1: Jun 05 10:33:16.994: %LOG-3-Q_IND: ldap_db.c:1038 Could not connect to LDAP server 2, reason: 1005 (LDAP bind failed).[...It occurred 2 times.!]

*LDAP DB Task 1: Jun 05 10:33:16.994: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 49 (Invalid credentials).

*LDAP DB Task 2: Jun 05 10:33:18.794: %LOG-3-Q_IND: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 49 (Invalid credentials).[...It occurred 2 times.!]

Amjad Abdullah Sat, 06/09/2012 - 04:12

Actually, the problem appears to be that your WLC is not able to connect to the AD.

See that:

*LDAP DB Task 1: Jun 05 10:33:16.994: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 49 (Invalid credentials).

It obviously mentions invalid credentials. Please double check the username credentials. Write them again on the WLC if needed.

HTH

Amjad

rafaeljimenez Sat, 06/09/2012 - 08:04

Thanks Amjad,

The credentials are fine. I checked that. I tested them by logging in to the Active Directory. The credentials never expire.

As I mentioned, it was working for years and suddenly stopped. I'm sure the problem is on the Windows AD side, but I need something to prove it to the customer.

Amjad Abdullah Sat, 06/09/2012 - 10:43

Well, it does not necessarily mean that the credentials are incorrect, but the WLC at least does not see them as correct.

I would again suggest you re-enter the credentials in the WLC LDAP configuration.

Try using simple bind and test whether it works.

Make sure that the correct LDAP server is selected for the configuration.

Also, try to check from the Windows side why the auth request was refused, which gives you a more accurate picture of why it fails.

HTH

Amjad

maldehne Wed, 06/13/2012 - 23:13

Dude, simple bind won't work with AD by default.

Only authenticated binding works with AD by default.

For Raf, the requirement for the bind user is the capability to read everything that is to be authenticated from AD.

For more about how AD LDAP works, check the following link:

http://technet.microsoft.com/en-us/library/cc755809%28v=ws.10%29.aspx

--------------------------------------------------------------------------------------

Please don't forget to rate correct answers.

Amjad Abdullah Fri, 06/15/2012 - 05:19

You are right, anonymous bind is not allowed by default with Active Directory, but the config example describes how to enable it.

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a03e09.shtml

It is always more secure to use authenticated bind. Anonymous bind should only be used for testing purposes.

HTH

Amjad

Sent from Cisco Technical Support iPad App
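The thread never gets a tool to answer the original question ("what can help me prove it is the Windows side?"). The script below is an added example, not code from the thread or from Cisco, and it uses only the Python standard library. It performs the same LDAPv3 simple bind the WLC performs (bind DN plus password on TCP 389) and, when the DC answers with resultCode 49, extracts the Active Directory "data NNN" sub-error from the diagnostic message. That sub-error is what separates "wrong password" (52e) from "account locked out" (775), "password expired" (532) or "account disabled" (533), which is exactly the evidence needed when the credentials are known to be correct. The host name, bind DN and the sample response bytes are constructed for illustration; the result-code and sub-error tables are the standard RFC 4511 and AD values.

```python
"""Minimal LDAPv3 simple-bind probe with Active Directory sub-error decoding.

Added example (not from the thread). Run it from a host on the same subnet as
the DC to check whether the WLC's bind account can still authenticate, and to
turn a bare resultCode 49 into a concrete reason.
"""
import re
import socket
from dataclasses import dataclass
from typing import Optional

# LDAP resultCode values (RFC 4511) that matter for a bind probe.
LDAP_RESULT_NAMES = {
    0: "success",
    8: "strongerAuthRequired",
    32: "noSuchObject",
    49: "invalidCredentials",
    50: "insufficientAccessRights",
    53: "unwillingToPerform",
}

# Active Directory reports the real cause of a failed bind as "data <hex>"
# inside the diagnostic message that accompanies resultCode 49.
AD_BIND_SUBERRORS = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password for an existing account)",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# --- BER helpers: just enough ASN.1 for a bind exchange -----------------------

def _ber_len(n: int) -> bytes:
    """Encode a BER length (short form below 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag: int, payload: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(payload)) + payload

def _int(v: int) -> bytes:
    """Content octets of a non-negative INTEGER/ENUMERATED (leading 0x00 if needed)."""
    return v.to_bytes(v.bit_length() // 8 + 1, "big")

def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, position just after this element)."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length

# --- Bind request / response --------------------------------------------------

def build_bind_request(message_id: int, bind_dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, [APPLICATION 0] BindRequest { 3, name, simple [0] } }."""
    bind = _tlv(0x02, _int(3)) + _tlv(0x04, bind_dn.encode()) + _tlv(0x80, password.encode())
    return _tlv(0x30, _tlv(0x02, _int(message_id)) + _tlv(0x60, bind))

@dataclass
class BindResult:
    message_id: int
    result_code: int
    matched_dn: str
    diagnostic: str
    ad_suberror: Optional[str]   # the "data NNN" token, if AD supplied one

def parse_bind_response(data: bytes) -> BindResult:
    """Decode LDAPMessage { messageID, [APPLICATION 1] BindResponse {...} }."""
    tag, body, _ = _read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = _read_tlv(body, 0)
    tag, op, _ = _read_tlv(body, pos)
    if tag != 0x61:
        raise ValueError("not a BindResponse")
    _, rc, pos = _read_tlv(op, 0)        # ENUMERATED resultCode
    _, dn, pos = _read_tlv(op, pos)      # matchedDN
    _, diag, _ = _read_tlv(op, pos)      # diagnosticMessage
    text = diag.decode(errors="replace")
    m = re.search(r"\bdata ([0-9a-fA-F]+)", text)
    return BindResult(int.from_bytes(mid, "big"), int.from_bytes(rc, "big"),
                      dn.decode(errors="replace"), text, m.group(1).lower() if m else None)

def explain(result: BindResult) -> str:
    """One sentence you can show the customer."""
    if result.result_code == 0:
        return "bind succeeded"
    name = LDAP_RESULT_NAMES.get(result.result_code, "unknown result")
    if result.result_code == 49 and result.ad_suberror:
        why = AD_BIND_SUBERRORS.get(result.ad_suberror, "unknown AD sub-error")
        return f"{name} (49), AD data {result.ad_suberror}: {why}"
    return f"{name} ({result.result_code})"

def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection")
        buf += chunk
    return buf

def probe_bind(host: str, bind_dn: str, password: str, port: int = 389, timeout: float = 5.0) -> BindResult:
    """Send one simple bind over plain LDAP (what the WLC does) and decode the DC's answer."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_bind_request(1, bind_dn, password))
        head = _recv_exact(sock, 2)                      # tag + first length octet
        if head[1] < 0x80:
            rest = _recv_exact(sock, head[1])
        else:
            lenbytes = _recv_exact(sock, head[1] & 0x7F)
            rest = lenbytes + _recv_exact(sock, int.from_bytes(lenbytes, "big"))
    return parse_bind_response(head + rest)

# Constructed sample of a DC's answer for a locked-out bind account (not a
# capture from the thread; the DSID value is a placeholder).
SAMPLE_LOCKED_OUT = _tlv(0x30, _tlv(0x02, _int(1)) + _tlv(
    0x61, _tlv(0x0A, _int(49)) + _tlv(0x04, b"") +
    _tlv(0x04, b"80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 775, v1db1")))

if __name__ == "__main__":
    print(explain(parse_bind_response(SAMPLE_LOCKED_OUT)))
    # Against a real DC (hypothetical names, replace with your own):
    # print(explain(probe_bind("dc1.example.local", "cn=wlc-bind,cn=Users,dc=example,dc=local", "...")))
```

Run it once with the WLC's own bind DN and password from a machine next to the DC: "bind succeeded" moves the problem back to the WLC configuration, "data 52e" means the password the DC holds is not the one you think, and "data 775" or "data 532" gives the customer a concrete account state on the DC to look at (a WLC retrying a stale password, for instance, can lock the service account out without anyone changing the DC). Like the WLC's non-secure LDAP mode, this probe sends the password in the clear on port 389, so run it from a trusted host.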

Posted June 6, 2012 at 11:31 AM