Controllerless Networks

Reply
New Contributor
Posts: 4
Registered: ‎01-12-2017

IAP+LDAP

[ Edited ]

Hi guys,

 

I have a issue. I've got LDAP authentication working but i need to point to the specific CN for Base-DN (See below).

 

The thing is the AD has all the users scattered across a _lot_ of OUs and this is a problem for me. If I remove CN=Users and leave DC=xxx,DC=com then it won't work.

 

Is there any way to recurse through the entire AD and if there is what should be in the Base-DN.

 

Also, the GTC token thing doesn't work for Windows 10. In Windows 7 I'm able to authenticate but the connection will fail in Windows 10. Some assistance here would be much appreciated :)

 

 

Thanks in advance!

 

Daniel

 

 

 

 

Guru Elite
Posts: 21,281
Registered: ‎03-29-2007

Re: IAP+LDAP

You would deal with a majority of your issues (having to install EAP-GTC, having to figure out what container to authenticate users to), if you switch to using a radius server, instead...

 

Typically you should just be able to use DC=Com, DC=Domain, but you might have to enable ldap debugging on your LDAP server to determine what is wrong.

 

Again, switching to radius for 802.1x is a better way to do encryption and it provides more opportunities for troubleshooting.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 4
Registered: ‎01-12-2017

Re: IAP+LDAP

[ Edited ]

Hi Colin,

 

Thanks for replying. However the end does not want to use a Radius... we got to find a way to recurse through the OUs somehow.

New Contributor
Posts: 4
Registered: ‎01-12-2017

Re: IAP+LDAP

[ Edited ]

Anyone has any ideas? Since the end user doesn't want a radius server...

 

Any assistance greatly appreciated.

 

TIA :)

Guru Elite
Posts: 21,281
Registered: ‎03-29-2007

Re: IAP+LDAP

Well,

 

I am waiting for someone who still uses LDAP to answer...



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 4
Registered: ‎01-12-2017

Re: IAP+LDAP

[ Edited ]

yea i know it's a long shot, but it's worth a try......

 

thanks Colin. appreciate it.

Aruba Employee
Posts: 209
Registered: ‎03-26-2013

Re: IAP+LDAP

You can try using the plugin ldp.exe to find out the base DN for the OU you are interested in & then check if that helps

New Contributor
Posts: 1
Registered: ‎12-20-2009

Re: IAP+LDAP

thanks... but the thing is.... they have like 60+ companies in the group and each of them has their own AD structure. so the users are scattered across all these OUs and are in multiple CNs, and they would like to recurse through the whole thing when a user logs in.

Search Airheads
Showing results for 
Search instead for 
Did you mean: