I have a problem with an LDAP connection on a 2112 WLC.
I have a WLC that suddenly stopped working with the LDAP integration for webauth.
I checked that the Base DN, the bind user and the bind password are fine. Nothing changed.
It was working for years, but a few days ago the integration stopped working.
I suspect the problem is on the Windows side.
The customer said that they did not make any changes on the Windows Domain Controller.
No firewall, no blocked port, etc. The WLC and the LDAP server (Windows DC) are in the same subnet.
I need to make sure that the LDAP service is working on the Windows side. What are the requirements for the bind user?
What tool can help me with this?
The message in the console is the following:
*LDAP DB Task 2: Jun 05 10:33:13.795: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 2, reason: 1005 (LDAP bind failed).
*LDAP DB Task 1: Jun 05 10:33:16.994: %LOG-3-Q_IND: ldap_db.c:1038 Could not connect to LDAP server 2, reason: 1005 (LDAP bind failed).[...It occurred 2 times.!]
*LDAP DB Task 1: Jun 05 10:33:16.994: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 49 (Invalid credentials).
*LDAP DB Task 2: Jun 05 10:33:18.794: %LOG-3-Q_IND: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 49 (Invalid credentials).[...It occurred 2 times.!]
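Added example, not from this thread or from Cisco: a stdlib-only Python script that performs the same LDAPv3 simple bind the WLC attempts (bind DN plus password, RFC 4511) against a server you name and decodes the BindResponse. It goes a step beyond the WLC log: result 49 is only the generic "invalidCredentials", but an AD domain controller appends a sub-code in the diagnostic message ("data 52e", "data 533", ...) that says whether the cause is a wrong password or DN, a disabled or locked account, or an expired password, which is the kind of evidence the poster wanted from the Windows side. The host name, bind DN, and the sample response bytes below are constructed for illustration.

```python
"""Minimal LDAPv3 simple-bind tester (stdlib only, added example).

Sends one BindRequest, parses the BindResponse and explains the result.
Run it from any host that can reach the domain controller, with the same
bind DN and password that are configured on the WLC.
"""
import re
import socket

# Well-known AD sub-codes carried in the diagnostic message with result 49.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (bad password or wrong bind DN)",
    "530": "not permitted to logon at this time",
    "531": "not permitted to logon at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

def _ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag: int, value: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + _ber_len(len(value)) + value

def build_bind_request(msg_id: int, bind_dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple pw } }.
    msg_id must fit one byte (1..127) for this small encoder."""
    bind = _tlv(0x02, b"\x03")                        # INTEGER version 3
    bind += _tlv(0x04, bind_dn.encode())              # OCTET STRING name
    bind += _tlv(0x80, password.encode())             # [0] simple password
    body = _tlv(0x02, bytes([msg_id])) + _tlv(0x60, bind)  # APPLICATION 0
    return _tlv(0x30, body)                           # outer SEQUENCE

def _read_tlv(buf: bytes, pos: int):
    """Decode one BER TLV at pos; return (tag, value, position after it)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                                 # long form
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def parse_bind_response(data: bytes):
    """Return (message_id, result_code, diagnostic_message) of a BindResponse."""
    tag, msg, _ = _read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = _read_tlv(msg, 0)                   # INTEGER messageID
    tag, resp, _ = _read_tlv(msg, pos)
    if tag != 0x61:                                   # APPLICATION 1 = BindResponse
        raise ValueError("not a BindResponse (tag 0x%02x)" % tag)
    _, code, pos = _read_tlv(resp, 0)                 # ENUMERATED resultCode
    _, _matched, pos = _read_tlv(resp, pos)           # OCTET STRING matchedDN
    _, diag, _ = _read_tlv(resp, pos)                 # OCTET STRING diagnosticMessage
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big"), diag.decode(errors="replace")

def explain_bind_result(code: int, diagnostic: str) -> str:
    """Verdict string; on result 49 decode AD's 'data NNN' sub-code if present."""
    if code == 0:
        return "bind OK: server reachable and bind DN/password accepted"
    if code == 49:
        m = re.search(r"data ([0-9a-f]{3})", diagnostic)
        detail = (AD_BIND_SUBCODES.get(m.group(1), "unknown AD sub-code " + m.group(1))
                  if m else "no AD sub-code in diagnostic")
        return "bind rejected (LDAP 49 invalidCredentials): " + detail
    return "bind failed with LDAP result %d: %s" % (code, diagnostic or "(no diagnostic)")

def ldap_bind_check(host: str, bind_dn: str, password: str, port: int = 389, timeout: float = 5.0) -> str:
    """Connect, send one simple BindRequest, return the verdict for the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_bind_request(1, bind_dn, password))
        data = s.recv(4096)
    _, code, diag = parse_bind_response(data)
    return explain_bind_result(code, diag)

# Constructed sample: the BindResponse an AD DC returns for a wrong password
# (the DSID and "v..." values are made up; only "data 52e" matters here).
SAMPLE_AD_DIAG = b"80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1"
SAMPLE_AD_REJECTION = _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(
    0x61, _tlv(0x0A, b"\x31") + _tlv(0x04, b"") + _tlv(0x04, SAMPLE_AD_DIAG)))

def demo() -> str:
    """Offline decode of the constructed sample response."""
    _, code, diag = parse_bind_response(SAMPLE_AD_REJECTION)
    return explain_bind_result(code, diag)

if __name__ == "__main__":
    print(demo())
    # Live check against a real DC (values are placeholders):
    # print(ldap_bind_check("dc.example.test", "CN=wlcbind,CN=Users,DC=example,DC=test", "secret"))
```

Run it once with the WLC's bind DN and password: a 0 result proves the Windows side accepts the account and narrows the fault to the WLC configuration; a 49 with "data 533", "775" or "532" points at the account itself (disabled, locked, password expired) even when "nothing changed" on the DC. Note that this sends the password in the clear on port 389, exactly as the WLC does with plain LDAP, so run it from a trusted host on the same subnet.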
Actually, the problem seems to be that your WLC is not able to connect to the AD.
It obviously mentions invalid credentials. Please double-check the username credentials; write them again on the WLC if needed.
The credentials are fine. I checked that. I tested them by logging in to the Active Directory. The credential never expires.
As I mentioned, it was working for years and suddenly stopped. I'm sure the problem is on the Windows AD side, but I need something to prove it to the customer.
Well, it does not necessarily mean that the credentials are incorrect, but the WLC at least does not see them as correct.
I would again suggest you re-enter the credentials in the WLC LDAP configuration.
Try using simple bind and test if it works.
Make sure that the correct LDAP server is selected for the configuration.
Also, try to check from the Windows side why the auth request was refused, which gives you a more accurate picture of why it fails.
Dude, simple bind won't work with AD by default.
Only authenticated binding works with AD by default.
For Raf, the requirement for the bind user is the capability to read everything to be authenticated from AD.
For more about how AD LDAP works, check the following link:
Please don't forget to rate correct answers.
You are right, anonymous bind is not allowed by default with Active Directory, but the config example describes how to enable it.
It is always more secure to use authenticated bind. Anonymous bind should only be used for testing purposes.