Controllerless Networks

New Contributor

IAP+LDAP

Hi guys,

 

I have an issue. I've got LDAP authentication working but I need to point to the specific CN for Base-DN (See below).

 

The thing is the AD has all the users scattered across a _lot_ of OUs and this is a problem for me. If I remove CN=Users and leave DC=xxx,DC=com then it won't work.

 

Is there any way to recurse through the entire AD and if there is what should be in the Base-DN.

 

Also, the GTC token thing doesn't work for Windows 10. In Windows 7 I'm able to authenticate but the connection will fail in Windows 10. Some assistance here would be much appreciated :)

 

 

Thanks in advance!

 

Daniel

Guru Elite

Re: IAP+LDAP

You would deal with a majority of your issues (having to install EAP-GTC, having to figure out what container to authenticate users to), if you switch to using a RADIUS server, instead...

Typically you should just be able to use DC=Com, DC=Domain, but you might have to enable LDAP debugging on your LDAP server to determine what is wrong.

Again, switching to RADIUS for 802.1x is a better way to do encryption and it provides more opportunities for troubleshooting.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor

Re: IAP+LDAP

Hi Colin,

 

Thanks for replying. However, the end user does not want to use a Radius... we got to find a way to recurse through the OUs somehow.

New Contributor

Re: IAP+LDAP

Does anyone have any ideas? Since the end user doesn't want a RADIUS server...

 

Any assistance greatly appreciated.

 

TIA :)

Guru Elite

Re: IAP+LDAP

Well,

 

I am waiting for someone who still uses LDAP to answer...



Colin Joseph
Aruba Customer Engineering


New Contributor

Re: IAP+LDAP

Yeah, I know it's a long shot, but it's worth a try...

Thanks Colin. Appreciate it.

Aruba Employee

Re: IAP+LDAP

You can try using the plugin ldp.exe to find out the base DN for the OU you are interested in & then check if that helps

New Contributor

Re: IAP+LDAP

Thanks... but the thing is... they have like 60+ companies in the group and each of them has their own AD structure. So the users are scattered across all these OUs and are in multiple CNs, and they would like to recurse through the whole thing when a user logs in.
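
What "recursing" from a Base-DN means in LDAP terms, as an added example that is not part of any post in this thread: the base DN and the search scope (`base`, `one`, `sub`) together decide which entries a bind lookup can find. The directory entries and the `example.com` naming are constructed; whether the IAP searches with subtree scope is not stated in the thread, and Active Directory referrals are not modeled here.

```python
# Added illustration (not from the thread). All DNs below are constructed.

def normalize(rdn):
    """Lower-case one RDN and trim spaces; AD compares DNs case-insensitively."""
    attr, _, value = rdn.strip().partition("=")
    return f"{attr.strip().lower()}={value.strip().lower()}"

def parse_dn(dn):
    """Split a DN into RDNs, leaf first, keeping backslash-escaped commas."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]       # escaped character stays inside the RDN
            i += 2
            continue
        if dn[i] == ",":
            rdns.append(cur)
            cur = ""
        else:
            cur += dn[i]
        i += 1
    rdns.append(cur)
    return [normalize(r) for r in rdns]

def in_scope(entry_dn, base_dn, scope):
    """True if entry_dn is a candidate for a search at base_dn with this scope."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    depth = len(entry) - len(base)   # how many levels below the base DN
    if depth < 0 or entry[depth:] != base:
        return False                 # entry is not at or under the base DN
    return {"base": depth == 0, "one": depth == 1, "sub": True}[scope]

ENTRIES = [                          # constructed sample directory
    "CN=Alice,CN=Users,DC=example,DC=com",
    "CN=Bob,OU=Staff,OU=CompanyA,DC=example,DC=com",
    "CN=Smith\\, Carol,OU=CompanyB,DC=example,DC=com",
    "CN=Dave,OU=Staff,DC=other,DC=com",
]

def search(base_dn, scope):
    """Return the sample entries that fall inside the given base DN and scope."""
    return [dn for dn in ENTRIES if in_scope(dn, base_dn, scope)]

if __name__ == "__main__":
    for base, scope in [("CN=Users,DC=example,DC=com", "sub"),
                        ("DC=example,DC=com", "one"),
                        ("dc=example, dc=com", "sub")]:
        print(f"{base!r} scope={scope}: {search(base, scope)}")
```

With the base at the domain root, only subtree scope reaches users nested under several OUs; a one-level search from the same base returns none of them.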
