MVP
Posts: 2,866
Registered: ‎10-25-2011

LDAP For Operators login

I was trying to set this up like we did in our Clearpass Guest class but I'm unable...

Do we have to do something on the AD to make this work?

I'm trying this on the Clearpass Server

Server URL:ldap://172.16.3.31/ou=Users,ou=Grupos_Usuarios,dc=abc,dc=local

 

bind dn = putting a user with domain administrative rights

bind password= the password of that user

 

I get this error

LDAP Bind failed: Invalid credentials (80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v23f0), bind DN was: cdelarosa

 

Do I need to activate something on the AD to make this work? Or do I need something else?

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Aruba
Posts: 113
Registered: ‎11-21-2011

Re: LDAP For Operators login

"AcceptSecurityContext error, data 52e" means: invalid credentials.  This means your username or password is incorrect.

 

If you are sure your password is correct, try specifying the DN of the bind user, instead of just the username.

MVP
Posts: 2,866
Registered: ‎10-25-2011

Re: LDAP For Operators login

You mean like this?

CN=cdelarosa,CN=Users,CN=Colaboradores,DC=abc,DC=local

 

The user is cdelarosa

It's contained in

Users

Sub OU = Colaboradores

 

The domain is abc.local

 

 

I'm sure the password is correct... I even copied and pasted it to be sure I was typing it correctly

 

Error

LDAP Bind failed: Invalid credentials (80090308: LdapErr: DSID-0C0903C5,
comment: AcceptSecurityContext error, data 52e, v23f0), bind DN was:
CN=cdelarosa,CN=Users,CN=Colaboradores,DC=abc,DC=local

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Aruba
Posts: 1,526
Registered: ‎06-12-2012

Re: LDAP For Operators login

Are you using any special characters in the password... :;>)+ There was a known issue with binding with a special character. Try using a simple password and see if that fixes the issue.

 

From the Release Notes

 

"Domain join operations will fail if the domain password contains special characters such as a space, quotes, or a “$” symbol."

Thank You,
Troy

MVP
Posts: 2,866
Registered: ‎10-25-2011

Re: LDAP For Operators login

Hello Arnold, I already tried that...

My password had a dot, I mean .

I made a new user without any character in the password; it didn't work either...

 

The configuration doesn't seem to be hard

On the server URL

ldap://172.16.3.31/ou=Users,ou=Grupos_Usuarios,dc=abc,dc=local

 

That's the IP of the domain controller

Users is the OU that contains the group of the operators I designed, which is cpoperators; inside that group, my username is the one that belongs to that group

Now on the BN

 

CN=cpoperator,CN=Users,DC=abc,DC=local

 

cpoperator is the user I'm using to authenticate; it is inside the OU Users in the domain abc.local

Isn't that correct?

Am I missing something?

I could even join the domain with no issue with my user name...

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Aruba
Posts: 113
Registered: ‎11-21-2011

Re: LDAP For Operators login

Maybe you need "OU=Users" rather than "CN=Users" ?

 

Check your DN very carefully.

MVP
Posts: 2,866
Registered: ‎10-25-2011

Re: LDAP For Operators login

I got it correct on the amigopod server, I just made a typo when I was putting the message...

So that's not it :(

 

 

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
MVP
Posts: 2,866
Registered: ‎10-25-2011

Re: LDAP For Operators login


You were right, Amigodave

The guy at the TAC did a dsquery, which solved it

But it was not that I was putting the wrong DN, because I was putting my user name as my login name, like cdelarosa

Instead it was Carlos De La Rosa

 

CN=Carlos De La Rosa,OU=Colaboradores,OU=Users,DC=abc,DC=local

 

I was using

CN=cdelarosa,OU=Colaboradores,OU=Users,DC=alternetworks,DC=local

 

In the end it was this last thing, my bad! I should have checked with dsquery.

Anyway, thanks Amigodave

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
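
Added example, not part of the original thread and not Aruba's code: a small Python helper that decodes the Active Directory sub-code ("data 52e") in a bind error like the ones quoted above and flags the bind DN problems this thread ran into. The function name `diagnose` and the hint wording are assumptions made for the illustration; the sub-code table lists the commonly documented AD values.

```python
import re

# Sub-codes Active Directory reports in the "data" field of a failed bind
# (hex forms of Win32 logon errors).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

ERROR_RE = re.compile(
    r"AcceptSecurityContext error, data\s+([0-9a-fA-F]+).*?bind DN was:\s*(.+)",
    re.DOTALL,
)

def diagnose(message):
    """Return (subcode, meaning, bind_dn, hints), or None if not a bind error."""
    m = ERROR_RE.search(message)
    if m is None:
        return None
    code = m.group(1).lower()
    bind_dn = " ".join(m.group(2).split())  # undo line wrapping in the pasted error
    hints = []
    if "=" not in bind_dn:
        hints.append("bind DN is a bare login name, not a distinguished name")
    elif code == "52e":
        # In this thread 52e was returned although the password was right:
        # the CN was the login name, while the object's CN was the full name.
        hints.append("verify the CN and OU path of the bind DN, e.g. with dsquery")
    return code, AD_BIND_SUBCODES.get(code, "unknown sub-code"), bind_dn, hints

# The two error messages quoted in the thread (second one wrapped as posted).
SAMPLES = [
    "LDAP Bind failed: Invalid credentials (80090308: LdapErr: DSID-0C0903C5, "
    "comment: AcceptSecurityContext error, data 52e, v23f0), bind DN was: cdelarosa",
    "LDAP Bind failed: Invalid credentials (80090308: LdapErr: DSID-0C0903C5,\n"
    "comment: AcceptSecurityContext error, data 52e, v23f0), bind DN was:\n"
    "CN=cdelarosa,CN=Users,CN=Colaboradores,DC=abc,DC=local",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(diagnose(sample))
```
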
MVP
Posts: 702
Registered: ‎12-01-2010

Re: LDAP For Operators login

Thanks tarnold for quoting the release notes to us -- I hadn't noticed that line.

 

Banged my head for a day before I thought to look for an authentication error from CP to AD.

--Matthew
