05-06-2016 07:46 PM
i'm having an issue whereby sometimes when the user try to authenticate to the web login page will result in some of the logs :
'Bind as user failed'
'PAP: Authentication failed'
even the user entered the correct password
and the other log will be accept.
FYi, in access tracker, the traffic will send to both CPPM, the traficc that will send to Publisher will be accept, and to subsriber will be rejected.
we are running clustering, the reason why the URL redirectiion is point to 2 IP is to make the user to have seemless experience if one of the server is down for the SSID that authentication to the web login page like Onguest
Help me Aruba gurus...
05-08-2016 03:07 AM
The message: Bind as user failed means that ClearPass tries to connect to the LDAP server with the client provided credentials and that authentication fails. So I would check all the settings for your second LDAP server. Things that I would start doing: Check if (if used) the server certificate/ca of your LDAP server is added to your ClearPass subscriber; if you don't use encryption, in some LDAP servers you need to configure ClearPass as a client that is allowed to connect without encryption; check firewalls/filters between the ClearPass and the LDAP; check DNS on the ClearPass subscriber if it can find your LDAP; check the LDAP server logs; do a packet capture both on ClearPass and LDAP server to see if the LDAP connection is setup. Packet capture on ClearPass is in the Server Management, Collect Logs option.
Hope this helps, otherwise, please work with Aruba TAC on this issue to troubleshoot.
If you have urgent issues, please contact your Aruba partner or Aruba TAC.