Contributor I

Airwave mgmt authentication log

I am trying to get management access to Airwave set up with AD and LDAP.  I found the guide and it seems straightforward, but it is failing.  Where can I find the logging to troubleshoot this issue?

Aruba Partner Ambassador ACMX #252, ACDX #824,ACCP, ACSA, AWMP, CCNP Wireless & Security
Guru Elite

Re: Airwave mgmt authentication log

What is mandatory is that your LDAP user needs a "role attribute", which is an attribute in LDAP which would indicate which administration role a user would have when logging into an Airwave instance as an administrator.  Without the "role attribute" which contains the role a user will have (typically root), the user cannot be authenticated:  https://<ip address of your Airwave Server>/static/UserGuide/UserGuide.htm#AWUserGuide/Chapter2_Config/Configuring_LDAP_Authent.htm#03config_4106802467_1168308

 

It is much easier doing this with RADIUS, where you would only have to return a RADIUS attribute for management authentication, instead of altering your LDAP schema.

 

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Contributor I

Re: Airwave mgmt authentication log

Thanks for the reply.  If I had my choice I would move the customer off their ACS server to ClearPass completely. But I have been asked to set up LDAP for the time being.  I did a role mapping rule at the bottom of the LDAP config that says if you are "memberof" admins group you get root role.  But when testing, it immediately fails and I have no feedback on why it fails.

Aruba Partner Ambassador ACMX #252, ACDX #824,ACCP, ACSA, AWMP, CCNP Wireless & Security
Guru Elite

Re: Airwave mgmt authentication log

Do you have it set up like this?  http://community.arubanetworks.com/t5/Monitoring-Management-Location/Does-Airwave-support-LDAP-rules-to-assign-AMP-user-role/ta-p/216463

 

The unfortunate part about LDAP is that there is little feedback on the LDAP server about what is wrong.

Contributor I

Re: Airwave mgmt authentication log

Yes, that is how I attempted to set it up.  I appreciate the feedback.  You validated my suspicions.  I figured my only option would be some poor Windows event log.  I am trying to get the customer to use the CP cluster as it is obviously the right solution.

Aruba Partner Ambassador ACMX #252, ACDX #824,ACCP, ACSA, AWMP, CCNP Wireless & Security