Contributor I
Posts: 50
Registered: ‎04-29-2008

LDAP error

Ok. We are attempting to use LDAP but get this message before we even attempt to auth:
|authmgr| ldapclient.c, ldap_auth_api:119: Invalid authentication protocol 4 for LDAP

Google, forums and knowledge base seem to have nada.

Anyone seen this and fixed it? Know what it is? Sniffer trace is unproductive...
We see no packets on the sniffer when we try an LDAP test from the diagnostics page. OS 3.4.05

Thanks
Guru Elite
Posts: 19,990
Registered: ‎03-29-2007

LDAP configuration for that server






What is your LDAP configuration for that server? Has it ever worked? Are you using SSL? Did you try cleartext first?
Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Contributor I
Posts: 50
Registered: ‎04-29-2008

Re: LDAP error

Clear text causes a core dump:
An internal system error has occurred at file profmgr_msg.c function profmgr_read_bytes line 301 error Client /var/profmgr/auth connection closed.
Nov 2 15:49:13 :399803: |profmgr| An internal system error has occurred at file profmgr_msg.c function profmgr_read_bytes line 301 error Client /var/profmgr/auth_xr connection closed.
Nov 2 15:49:22 :303073: |nanny| Process /mswitch/bin/auth died: got signal SIGSEGV
Nov 2 15:49:30 :303029: |nanny| Process /mswitch/bin/auth : crash data saved in dir /flash//crash/processDied/11-2-2009@15-49-22/auth
Nov 2 15:49:30 :303025: |nanny| Found core file /tmp/core.1348.auth.A5xxx_22299, 8310784 bytes, compressing...
Nov 2 15:49:59 :303079: |nanny| Restarted process /mswitch/bin/auth, new pid 2121
Nov 2 15:49:59 :303080: |nanny| Please tar and email the file crash.tar to support@arubanetworks.com
Nov 2 15:49:59 :303081: |nanny| To tar type the following commands at the Command Line Interface: (1) tar crash (2) copy flash: crash.tar tftp:
lol
It has never worked.

conf:
aaa authentication-server ldap "CampusLDAP"
host 130.x.x.x
admin-dn "cn=svc_vpnbind,ou=service,ou=users,ou=enterprisesupport,dc=ad,dc=sfsu,dc=edu"
admin-passwd (xxxxx)aeb650a0921b820933aa878b438e8d1415eaa4db27818e0f3bb360ab8f58397c3397464aee99ae28d
authport 636
base-dn "dc=ad,dc=sfsu,dc=edu"
filter "(|(memberOf=cn=WirelessAccess,OU=Security,OU=Groups,DC=ad,DC=sfsu,DC=edu)(memberOf=cn=WirelessAccessCustom,OU=Security,OU=Groups,DC=ad,DC=sfsu,DC=edu))(!(memberOf=cn=WirelessAccessDenied,OU=Security,OU=Groups,DC=ad,DC=sfsu,DC=edu))"
key-attribute "SAMAccountName"
Guru Elite
Posts: 19,990
Registered: ‎03-29-2007

686






Why is your authport 636? LDAP is 389...
Colin Joseph
Aruba Customer Engineering

Contributor I
Posts: 50
Registered: ‎04-29-2008

Re: LDAP error

authport for ssl is 636. Clear text is 389. In fact the device as well as a cisco vpn concentrator we have automatically change port depending on selection. The cisco box does not even show the port in its config unless the default is changed. We know the LDAP is working with other devices. The vpn stuff seems to work seamlessly.
Guru Elite
Posts: 19,990
Registered: ‎03-29-2007

Ldap




To be honest, LDAP is the most difficult thing to set up, because one missing character or misspelling, and it will not work. The best thing that you can do is model your queries and your LDAP server setup with a desktop tool like JXplorer (http://jxplorer.org/) or LDAP Browser from Softerra (http://download.cnet.com/Softerra-LDAP-Browser/3000-10254_4-10706156.html) and then copy those working settings into the Aruba Controller. Start with a simple query that you know works and then build on that. The only options you will need to change in the Aruba controller after that are allow cleartext or not, or the LDAP port.

Colin Joseph
Aruba Customer Engineering

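As an added example (not part of the original posts and not Aruba code), the "one missing character" point can be checked offline before a filter is pasted into a controller: the sketch below tests only the RFC 4515 shape of a filter string. `POSTED` reproduces the shape of the filter in the configuration posted earlier in the thread; `WRAPPED` is a constructed variant that assumes the intent was "in an allowed group AND not in the denied group".

```python
class FilterError(ValueError):
    """Raised when the string is not shaped like an RFC 4515 filter."""

def parse_filter(s, i=0):
    """Parse ONE parenthesised filter at s[i]; return (tree, index after it)."""
    if i >= len(s) or s[i] != "(":
        raise FilterError(f"expected '(' at offset {i}")
    i += 1
    if i < len(s) and s[i] in "&|!":            # composite: (&..) (|..) (!..)
        op, i, kids = s[i], i + 1, []
        while i < len(s) and s[i] == "(":
            kid, i = parse_filter(s, i)
            kids.append(kid)
        if not kids or (op == "!" and len(kids) != 1):
            raise FilterError(f"'{op}' has {len(kids)} operand(s)")
        node = (op, kids)
    else:                                       # simple item: attr=value
        end = s.find(")", i)
        if end == -1:
            raise FilterError("missing ')'")
        attr, eq, _value = s[i:end].partition("=")
        if not attr or not eq or "(" in s[i:end]:
            raise FilterError(f"bad item {s[i:end]!r}")
        node, i = ("item", s[i:end]), end
    if i >= len(s) or s[i] != ")":
        raise FilterError(f"expected ')' at offset {i}")
    return node, i + 1

def check(text):
    """Return (ok, message) for a whole filter string."""
    text = text.strip()
    try:
        _tree, end = parse_filter(text)
    except FilterError as exc:
        return False, str(exc)
    if end != len(text):
        return False, f"trailing data at offset {end}: expected one top-level filter"
    return True, "ok"

# Group DN suffix taken from the configuration posted in the thread.
G = "OU=Security,OU=Groups,DC=ad,DC=sfsu,DC=edu"
ALLOW = f"(|(memberOf=cn=WirelessAccess,{G})(memberOf=cn=WirelessAccessCustom,{G}))"
DENY = f"(!(memberOf=cn=WirelessAccessDenied,{G}))"
POSTED = ALLOW + DENY            # two sibling expressions, as posted
WRAPPED = f"(&{ALLOW}{DENY})"    # constructed: same clauses under one AND

if __name__ == "__main__":
    for name, flt in (("posted", POSTED), ("wrapped", WRAPPED)):
        print(name, check(flt))
```

The check covers structure only; attribute names, DNs and group membership still have to be confirmed against the directory with an LDAP browser.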
Contributor I
Posts: 50
Registered: ‎04-29-2008

Re: LDAP error

Ah, yeah! Unfortunately, I do the wireless (and other network stuff); the LDAP and Exchange come from two other groups... The old RADIUS works fine but the Kerberos DB stuff that fed it is going away.

We'll be trying RADIUS from the Exchange server. Does not explain all the errors on the controller though.
MVP
Posts: 702
Registered: ‎03-25-2009

Re: LDAP error


Ok. We are attempting to use LDAP but get this message before we even attempt to auth:
|authmgr| ldapclient.c, ldap_auth_api:119: Invalid authentication protocol 4 for LDAP




For anyone running into this issue later, here's a quick FYI:

"Invalid authentication protocol 4 for LDAP" probably means you are trying to authenticate using mschapv2 instead of pap.
Ran into this while testing for ldap issues. Seems that the ldap in question was configured for PAP and when I tried aaa test-server with mschapv2 that error was given.
Koen (ACMX #351 | ACDX #547 | ACCP)

Contributor I
Posts: 31
Registered: ‎09-09-2010

Re: LDAP error

Awesome post..was having authentication issues until I switched to PAP.

Thanks