Security

Reply
Occasional Contributor II
Posts: 16
Registered: ‎09-04-2013

Ldap error server requires binds to turn on integrity checking

Working thru setting clear pass up with some AP/controllers. Domain controllers are 2008 R2 with one 2003 AD DC to be upgraded. Domain is still 2003 mixed.

 

Pointing at a DC (2K8) I get this error "Ldap error server requires binds to turn on integrity checking" but seems to work pointing at a 2003 AD DC.

 

Under GPO / Comp Conf / Wind Settings / Security Settings / Security Options  I see the following setting:

 

Network Security: LDAP client sigining requirements  not defined

 

Am I going down the right track here? Thoughts?

Guru Elite
Posts: 21,270
Registered: ‎03-29-2007

Re: Ldap error server requires binds to turn on integrity checking

droidboy,

 

We need more information.

 

Are you doing 802.1x, or pure LDAP?  Are you doing 802.1x for authentication then LDAP for authorization?  Which screeen in ClearPass are you configuring?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 16
Registered: ‎09-04-2013

Re: Ldap error server requires binds to turn on integrity checking

 

 

Clear Path Policy Manager

 

Configuration » Authentication » Sources » Add

 

AD over SSL Port 636

 

Add cred/password

Add domain

Add base DN

Guru Elite
Posts: 21,270
Registered: ‎03-29-2007

Re: Ldap error server requires binds to turn on integrity checking

Remove the SSL requirement as well as CA checking to see if it works..


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 16
Registered: ‎09-04-2013

Re: Ldap error server requires binds to turn on integrity checking

sorry this was for 802.1x, will try the change

Occasional Contributor II
Posts: 16
Registered: ‎09-04-2013

Re: Ldap error server requires binds to turn on integrity checking

Sorry you mean "Enable to verify Server Certificate for secure connection "?

Occasional Contributor II
Posts: 16
Registered: ‎09-04-2013

Re: Ldap error server requires binds to turn on integrity checking

SO LDAP 389 with no cert checking still fails

Aruba
Posts: 1,545
Registered: ‎06-12-2012

Re: Ldap error server requires binds to turn on integrity checking

So when you are at the AD settings and you click on search base DN does it error out there or just when a user auths with .1x?

Are you using a password with a special character?
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Occasional Contributor II
Posts: 16
Registered: ‎09-04-2013

Re: Ldap error server requires binds to turn on integrity checking

[ Edited ]

2013-09-05 16:13:35,201  [Th 7 Req 501 SessId R0000004d-01-522804ef] ERROR RadiusServer.Radius - rlm_ldap: user@here.local bind to 192.168.11.89:636 failed: Can't contact LDAP server
2013-09-05 16:13:35,201  [Th 7 Req 501 SessId R0000004d-01-522804ef] ERROR RadiusServer.Radius - rlm_ldap: (re)connection attempt failed

 

Laptop set up with 802.1x PEAP logs shows.....

 

 

"user auths with .1x?" fails drills down ok in Active Directory

Aruba
Posts: 1,545
Registered: ‎06-12-2012

Re: Ldap error server requires binds to turn on integrity checking

so when you go to Configuration » Authentication » Sources and click on the Search Base Dn link what does it show?
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Search Airheads
Showing results for 
Search instead for 
Did you mean: