Controllerless Networks

Hi everyone,

I am working with a customer to deploy an Instant cluster using their existing AD for user authentication. They have configured the cluster but are having problems authenticating. They have configured the WLAN to use LDAP for authentication, and have tested the AdminDN account succesfully. I am by no means an AD or LDAP expert so I am a bit stumped. 

They have users in several OUs under their main DC. When they configure: 

dc=customerdc,dc=inc

in the BaseDN field, the auth fails and they get an "ldap_search() failed: Operations error" message in the log.

When they configure:

ou=customerou,dc=customerdc,dc=inc

in the BaseDN field, authentication works for users in that specific OU.

Does anyone know how to configure this so that all users in all OUs under the main DC will authenticate?

Thanks,

Chris

Try to configure the base DN as only dc=customerdc,dc=inc

Hi cjoseph - we did that originally and that config produced the error as noted. Only with an additional OU listed did the auth work. Any idea why that might be?

I do not.

Are they using LDAP with Captive Portal pointing at AD?  If so using Radius to NPS instead could allow us to sidestep that, if you want to try it.

I am trying to configure LDAP authentication server also. Where I can see log, currently all is configured properly I think but still windows7 is kicking me out. I cannot find where is the log for that authentication service.

Hello!

You respond to a 5 year old topic - might be better of creating your own. Instant with LDAP has been discussed many times with more recent information.

For debugging - try the instant web training module 5. Here you will get information on how to troubleshoot the EAP process. More specifically between 4 and 7 minute..

http://www.arubanetworks.com/products/networking/aruba-instant/instant-training/