Occasional Contributor II
Posts: 53
Registered: ‎09-02-2010

Management Authentication Profile

Hi All,
I am new to Aruba, and have been tasked with pointing the Aruba Management GUI at our LDAP server. I have done the normal setup of the LDAP servers, added a server group and pointed the Management Authentication Profile at the server group. I have checked in the terminal that Aruba can see the LDAP server and can query a user, which it does fine, and it comes back and shows me the right group. But when I try to log in to the GUI as that LDAP user it comes back with a logging error.

Can anyone help? I have attached screenshots.
Guru Elite
Posts: 19,974
Registered: ‎03-29-2007

Turn on Authmgr debugging


LukeC64, you should turn on authmgr debugging to see why the controller is rejecting you. Do this:

config t
logging level debugging security process authmgr


After you do that, stay logged in on the command line, and then try to log in using the GUI. After you get a rejection, do a "show log security 50" to see why you are being rejected. Have you already done a aaa test-server to ensure that you are using the correct username and password?
Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Occasional Contributor II
Posts: 53
Registered: ‎09-02-2010

Re: Management Authentication Profile

Hi Mate,
Done the log thing and I am getting this error.

Sep 6 15:34:28 :125022: |aaa| Authentication failed for User lcameron, Logged in from 172.16.5.121 port 4711, Connecting to 172.16.1.234 port 4343 connection type HTTPS

Done aaa test-server and it says Authentication Successful.
Occasional Contributor II
Posts: 53
Registered: ‎09-02-2010

Re: Management Authentication Profile

Fixed now dude, thanks for your help.
Occasional Contributor II
Posts: 10
Registered: ‎11-05-2010

Re: Management Authentication Profile

Sorry to revive this old thread but I'm having this same problem and unfortunately the OP didn't post what finally got this working.

I also get the " |aaa| Authentication failed for User..." message while the debugs show:
Jun 15 13:18:06 :124004: |authmgr| rule: set role condition groupMembership contains "NA-Aruba-Admin" set-value root
Jun 15 13:18:06 :124004: |authmgr| Value Pair to match memberOf : CN=NA-Aruba-Admin,OU=Groups,OU=NA-Admin,DC=na,DC=company,DC=com

but then I just get dumped into the default role of no access. So it looks like it's not matching on the group name for some reason even though it looks to be receiving the account attributes. Any ideas?
Guru Elite
Posts: 19,974
Registered: ‎03-29-2007

Re: Management Authentication Profile

When you do a "aaa query-user" what attributes do you see returned?
Colin Joseph
Aruba Customer Engineering

Occasional Contributor II
Posts: 10
Registered: ‎11-05-2010

Re: Management Authentication Profile

I get a couple pages of output, one of the lines of output is:
memberOf: CN=NA-Aruba-Admin,OU=Groups,OU=NA-Admin,DC=na,DC=company,DC=com

Testing both servers in the auth group returns the same output.
Guru Elite
Posts: 19,974
Registered: ‎03-29-2007

Re: Management Authentication Profile

So then your statement should be:

set role condition memberOf contains NA-Aruba-Admin
Colin Joseph
Aruba Customer Engineering

Occasional Contributor II
Posts: 10
Registered: ‎11-05-2010

Re: Management Authentication Profile

Bah, that was it, thanks. I was using "groupMembership" instead of "memberOf".
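
The mismatch resolved in this thread can be spotted directly in the authmgr debug output. The following is an added example, not part of the original posts and not Aruba code: a small Python checker that pairs each "rule:" line with the "Value Pair to match" lines and reports why a role was or was not derived. The function name `explain`, the reading of "Value Pair to match" as an attribute returned by the LDAP server, and the case-insensitive comparison of attribute names are assumptions.

```python
import re

# Patterns follow the two authmgr debug lines quoted in this thread.
RULE_RE = re.compile(
    r'\|authmgr\| rule: set role condition (\S+) contains "?([^"]+?)"? set-value (\S+)')
PAIR_RE = re.compile(r'\|authmgr\| Value Pair to match (\S+) : (.+)')

def explain(log_lines, default_role="default (no access)"):
    """Return (role, reason) for the rules and attribute pairs found in the log."""
    rules, pairs = [], []
    for line in log_lines:
        if m := RULE_RE.search(line):
            rules.append(m.groups())
        elif m := PAIR_RE.search(line):
            pairs.append((m.group(1), m.group(2).strip()))
    reasons = []
    for attr, needle, role in rules:
        # Assumption: attribute names are compared case-insensitively, as in LDAP.
        values = [v for a, v in pairs if a.lower() == attr.lower()]
        if not values:
            seen = sorted({a for a, _ in pairs})
            reasons.append(f"rule tests '{attr}' but server returned only {seen}")
        elif any(needle in v for v in values):
            return role, f"'{attr}' contains '{needle}'"
        else:
            reasons.append(f"'{attr}' present but no value contains '{needle}'")
    return default_role, "; ".join(reasons) or "no rules in log"

# The two debug lines exactly as posted above.
PAGE_LOG = [
    'Jun 15 13:18:06 :124004: |authmgr| rule: set role condition groupMembership '
    'contains "NA-Aruba-Admin" set-value root',
    'Jun 15 13:18:06 :124004: |authmgr| Value Pair to match memberOf : '
    'CN=NA-Aruba-Admin,OU=Groups,OU=NA-Admin,DC=na,DC=company,DC=com',
]
# Constructed: same attribute pair, rule rewritten to test memberOf as advised above.
FIXED_LOG = [PAGE_LOG[0].replace("groupMembership", "memberOf"), PAGE_LOG[1]]

if __name__ == "__main__":
    for name, log in (("as posted", PAGE_LOG), ("corrected rule", FIXED_LOG)):
        print(name, "->", explain(log))
```

In this model `contains` is a substring test, so a longer group name that merely includes NA-Aruba-Admin would also map to root; compare the rule value against the full list of groups in the directory before relying on it.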