Security

Reply
Occasional Contributor II
Posts: 44
Registered: ‎11-22-2013

URL resolve with 2 IP

Guys,

 

i'm having an issue whereby sometimes when the user try to authenticate to the web login page will result in some of the logs :

 

'Bind as user failed'
'PAP: Authentication failed'

 

even the user entered the correct password

 

and the other log will be accept.

 

FYi, in access tracker, the traffic will send to both CPPM, the traficc that will send to Publisher will be accept, and to subsriber will be rejected.

 

we are running clustering, the reason why the URL redirectiion is point to 2 IP is to make the user to have seemless experience if one of the server is down for the SSID that authentication to the web login page like Onguest 

 

 

Help me Aruba gurus...

MVP
Posts: 514
Registered: ‎11-04-2011

Re: URL resolve with 2 IP

The message: Bind as user failed means that ClearPass tries to connect to the LDAP server with the client provided credentials and that authentication fails. So I would check all the settings for your second LDAP server. Things that I would start doing: Check if (if used) the server certificate/ca of your LDAP server is added to your ClearPass subscriber; if you don't use encryption, in some LDAP servers you need to configure ClearPass as a client that is allowed to connect without encryption; check firewalls/filters between the ClearPass and the LDAP; check DNS on the ClearPass subscriber if it can find your LDAP; check the LDAP server logs; do a packet capture both on ClearPass and LDAP server to see if the LDAP connection is setup. Packet capture on ClearPass is in the Server Management, Collect Logs option.

 

Hope this helps, otherwise, please work with Aruba TAC on this issue to troubleshoot.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Search Airheads
Showing results for 
Search instead for 
Did you mean: