Community Member

WLC and LDAP integration issue

Hello,

I configured a WLC to integrate with LDAP. It is working just fine when I use only one Active Directory server, but I have other users in another Active Directory server. When I enable both servers and some users try to log in with the second server, the WLC breaks for a little while: it is not possible to configure the equipment or telnet to it during that time, and the users cannot be authenticated anymore. I have to disable both servers and then enable just one of them so that users can log in again. I also saw this behavior when more than 4 users try to connect to the same AP at a time.

Does anybody know why this is happening and how to avoid it?

Thank you very much for your help.

Community Member

Re: WLC and LDAP integration issue

I think you are getting a couple things confused here... The WLC authenticates against a RADIUS which an IAS server can be set up as. I'm not certain, but I'm pretty sure you can only set up one RADIUS per WLAN, but I might be wrong. What you should do instead, is set up two different WLANs, one for each AD.

Community Member

Re: WLC and LDAP integration issue

Hi Elliot,

Thank you for your reply. I also tried that, but the problem is that after one or two users are authenticated, the connection between LDAP and the WLC seems to be lost and the third user gets a "Login error" message. In the AAA debugs it shows the following messages:

Returning AAA Error 'No Server' (-7) for mobile 00:21:e9:57:3c:bf
*Jun 22 20:31:44.248: AuthorizationResponse: 0x1eeafe24

*Jun 22 20:32:10.229: 00:21:e9:57:3c:bf Returning AAA Error 'No Server' (-7) for mobile 00:21:e9:57:3c:bf
*Jun 22 20:32:10.229: AuthorizationResponse: 0x1eebb3ec

Any ideas?

Community Member

Re: WLC and LDAP integration issue

Yeah, that leads me to believe that your RADIUS isn't properly configured. I should have made it more clear, but in order to do 802.1x, you have to have either an IAS or ACS which extends your AD (or LDAP I suppose, but I'm not certain it's supported). You can't just point your controller to your AD, it simply won't work.

Community Member

Re: WLC and LDAP integration issue

Thank you for your reply, I'll check it.
