Occasional Contributor II
Posts: 22
Registered: ‎03-14-2014

Airwave mgmt authentication log

I am trying to get management access to Airwave set up with AD and LDAP. I found the guide and it seems straightforward, but it is failing. Where can I find the logging to troubleshoot this issue?

ACMX #252, ACCP, AWMP, CCNP Wireless & Security
Guru Elite
Posts: 19,995
Registered: ‎03-29-2007

Re: Airwave mgmt authentication log

What is mandatory is that your LDAP user needs a "role attribute", which is an attribute in LDAP which would indicate what administration role a user would have when logging into an Airwave instance as an administrator. Without the "role attribute", which contains the role a user will have (typically root), the user cannot be authenticated: https://<ip address of your Airwave Server>/static/UserGuide/UserGuide.htm#AWUserGuide/Chapter2_Config/Configuring_LDAP_Authent.htm#03config_4106802467_1168308

It is much easier doing this with RADIUS, where you would only have to return a RADIUS attribute for management authentication, instead of altering your LDAP schema.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Occasional Contributor II
Posts: 22
Registered: ‎03-14-2014

Re: Airwave mgmt authentication log

Thanks for the reply. If I had my choice I would move the customer off their ACS server to ClearPass completely. But I have been asked to set up LDAP for the time being. I did a role mapping rule at the bottom of the LDAP config that says if you are "memberof" admins group you get root role. But when testing, it immediately fails and I have no feedback on why it fails.

ACMX #252, ACCP, AWMP, CCNP Wireless & Security
Guru Elite
Posts: 19,995
Registered: ‎03-29-2007

Re: Airwave mgmt authentication log

Do you have it set up like this? http://community.arubanetworks.com/t5/Monitoring-Management-Location/Does-Airwave-support-LDAP-rules-to-assign-AMP-user-role/ta-p/216463

The unfortunate part about LDAP is that there is little feedback on the LDAP server about what is wrong.

Colin Joseph
Aruba Customer Engineering

Occasional Contributor II
Posts: 22
Registered: ‎03-14-2014

Re: Airwave mgmt authentication log

Yes, that is how I attempted to set it up. I appreciate the feedback. You validated my suspicions. I figured my only option would be some poor Windows event log. I am trying to get the customer to use the CP cluster as it is obviously the right solution.

ACMX #252, ACCP, AWMP, CCNP Wireless & Security
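
Because the thread notes there is little feedback when an LDAP management login fails, one independent check is to query the directory with the same bind account and confirm that the attribute the role-mapping rule keys on is actually returned. The following is an added example, not code from the posters or from Airwave; the query output, DNs and group names are constructed placeholders, and the diagnostic messages are assumptions about common causes, not a description of how AMP evaluates its rules.

```python
import base64

# Constructed stand-in for the output of an OpenLDAP client query such as:
#   ldapsearch -x -LLL -H ldaps://<dc> -D <bind dn> -W -b <base dn> \
#       "(sAMAccountName=jdoe)" memberOf
# All DNs are placeholders. One value is line-folded, one is base64-encoded.
_B64 = base64.b64encode("CN=H\u00e9lpdesk,OU=Groups,DC=example,DC=com".encode()).decode()
SAMPLE_LDIF = (
    "dn: CN=Jane Doe,OU=Staff,DC=example,DC=com\n"
    "memberOf: CN=AMP-Admins,OU=Network Management Groups,OU=Groups,DC=exam\n"
    " ple,DC=com\n"
    f"memberOf:: {_B64}\n"
)

def parse_attrs(ldif):
    """Return {lowercased attribute: [values]} for the first LDIF entry."""
    lines = []
    for raw in ldif.splitlines():
        if not raw:
            if lines:
                break                    # blank line ends the first entry
        elif raw.startswith(" ") and lines:
            lines[-1] += raw[1:]         # LDIF folding: continuation line
        elif not raw.startswith("#"):
            lines.append(raw)
    attrs = {}
    for line in lines:
        name, _, value = line.partition(":")
        if value.startswith(":"):        # "attr:: ..." marks a base64 value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        attrs.setdefault(name.lower(), []).append(value.strip())
    return attrs

def norm_dn(dn):
    # Simplified comparison: case-insensitive, ignores spaces around commas.
    # Does not handle escaped commas inside RDN values.
    return ",".join(part.strip().lower() for part in dn.split(","))

def diagnose(ldif, group_dn, attr="memberOf"):
    """Explain why a group-based role rule would or would not find its group."""
    attrs = parse_attrs(ldif)
    if "dn" not in attrs:
        return "no entry returned: check bind DN, base DN and search filter"
    values = attrs.get(attr.lower(), [])
    if not values:
        return f"entry found but no {attr} returned: check bind account read access"
    if norm_dn(group_dn) in [norm_dn(v) for v in values]:
        return "match"
    return f"{attr} returned but group not listed (it holds direct memberships only)"
```

Feed `diagnose()` the real `ldapsearch -LLL` output for a test user and the exact group DN used in the mapping rule; anything other than `match` points at the directory side rather than at AMP.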