Occasional Contributor I
Posts: 9
Registered: ‎09-22-2015

AD LDAP authentication 6.4.3.4 times out

Hello,

I'd like to use a captive portal and authenticate the users using the external LDAP.

We have two domains, one is the Novell and the other is a Windows one, and two LDAP servers, Novell's eDirectory and Windows AD. I am able to authenticate the users against the eDirectory no problem, yet the authentication against the AD fails. I know for sure the credentials that I use, the admin DN and passwords plus base search DN, work, since I am able to browse the directory using the LDAP browser, plus the same credentials (and base DN) work fine on our old controller, sw version 5.0.4.7. However, exactly the same settings (to the tee) do not work on 7210 sw version 6.4.3.4.

Test aaa servers returns aaa server timeout (I can ping the server and all; as a matter of fact the old controller sits on the same VLAN and accesses the same AD. I am testing it using the clear-text PAP authentication).

Is there a bug in the 6.4.3.4 code? Or am I missing something in my config? Is there someone out there with a similar setup that works?

 

Any help will be greatly appreciated

 

Regards

 

Kris

 

 

 

Guru Elite
Posts: 21,259
Registered: ‎03-29-2007

Re: AD LDAP authentication 6.4.3.4 times out

What is the ArubaOS configuration for the LDAP server that times out?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 9
Registered: ‎09-22-2015

Re: AD LDAP authentication 6.4.3.4 times out

Hello cjoseph,

 

Below is the server configuration:

 

LDAP Server "LDAPName"
---------------------
Parameter                                Value
---------                                -----
Host                                     172.16.30.11
Admin-DN                                 CN=Admin,OU=AdminOU,DC=xxxx,DC=xxx,DC=xxx
Admin-Passwd                             ********
Allow Clear-Text                         Enabled
Auth Port                                389
Base-DN                                  DC=xxx,DC=xxx,DC=xxx
Filter                                   (objectClass=person)
Key Attribute                            sAMAccountName
Timeout                                  20 sec
Mode                                     Enabled
Preferred Connection Type                clear-text
maximum number of non-admin connections  4

 

It is set to clear-text simple for troubleshooting purposes (Wireshark).

The screenshot of the packet capture is attached. Looks to me the Aruba controller never sends a bind request with admin credentials after the server sends the response "In order to perform this operation........"; the controller just waits for 20 seconds and then sends the unbind requests and bind request, this time with the admin credentials. The server responds success, the controller displays server timed out.

 

Thank you for your response

 

Regards,

 

Kris

 

 

 

 

Guru Elite
Posts: 21,259
Registered: ‎03-29-2007

Re: AD LDAP authentication 6.4.3.4 times out

It is not clear from the packet capture or the configuration what is wrong.  You should open a support case.

 



Colin Joseph
Aruba Customer Engineering


Occasional Contributor I
Posts: 9
Registered: ‎09-22-2015

Re: AD LDAP authentication 6.4.3.4 times out

We haven't bought ArubaCare yet so I guess we do not have access to Aruba TAC yet.

I will do it as soon as we get it.

 

Thank you again

 

Regards

 

Kris

Guru Elite
Posts: 21,259
Registered: ‎03-29-2007

Re: AD LDAP authentication 6.4.3.4 times out

Okay.  Your base-dn should be OU=AdminOU,DC=xxxx,DC=xxx,DC=xxx



Colin Joseph
Aruba Customer Engineering


Occasional Contributor I
Posts: 9
Registered: ‎09-22-2015

Re: AD LDAP authentication 6.4.3.4 times out

It works only for the users that are in the AdminOU container; it fails for all the other users.

As I mentioned in the first post, we have an Alcatel-Lucent branded Aruba controller, model OAW-4324, software version 5.0.4.7, and it has been working fine for a couple of years now, I mean with exactly the same settings.

 

Regards,

 

Kris

 

 

Guru Elite
Posts: 21,259
Registered: ‎03-29-2007

Re: AD LDAP authentication 6.4.3.4 times out

I thought you said it was not working at all? Is the AdminOU the highest container? Maybe your Base-DN is incorrect and your search should start somewhere else...

 



Colin Joseph
Aruba Customer Engineering


Occasional Contributor I
Posts: 9
Registered: ‎09-22-2015

Re: AD LDAP authentication 6.4.3.4 times out

Just to clarify things. We have two Aruba controllers, an old one, OAW-4324 (soon to be retired), and a 7210, the replacement of the OAW-4324. The AD LDAP server that is used to authenticate users works fine with the OAW-4324. Now the same LDAP settings for the new controller don't work. I mean those two controllers point to the same LDAP server, the settings are the same (same admin CN and password, the same search base DN), and on the old controller (production) the configuration has been working fine, yet it is not working on the 7210 with the latest stable software release.

To answer your question, all the user containers are under the domain of DC=xxx,DC=xxx,DC=xxx; they are all hierarchically on the same level, so the admin OU is on the same level as the users1 OU and so on.

Since I am not much of an LDAP AD guy, I am not sure if my answer to your question makes any sense.

 

Regards

 

Kris
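
An added illustration, not part of the thread and not any poster's or Aruba's code: why a Base-DN of OU=AdminOU,... authenticates only AdminOU users when the user OUs are siblings under the domain. It assumes the controller's lookup is a subtree search from the Base-DN; the domain components and user entries are constructed placeholders, since the thread masks the real ones.

```python
# Added illustration; DOMAIN and DIRECTORY are constructed placeholders
# (the thread masks the real domain components as DC=xxx).

def split_rdns(dn):
    """Split a DN on unescaped commas and normalise each RDN for comparison."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # keep escaped pair, e.g. "\,"
            cur.append(dn[i:i + 2])
            i += 2
            continue
        if dn[i] == ",":                        # unescaped comma ends an RDN
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    norm = []
    for rdn in parts:
        attr, _, value = rdn.partition("=")
        # AD compares DN components case-insensitively
        norm.append((attr.strip().lower(), value.strip().lower()))
    return norm


def in_subtree(entry_dn, base_dn):
    """True if entry_dn is the base itself or lies anywhere beneath it."""
    entry, base = split_rdns(entry_dn), split_rdns(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base


def reachable(base_dn, directory):
    """Account names a subtree search rooted at base_dn can return."""
    return sorted(n for n, dn in directory.items() if in_subtree(dn, base_dn))


DOMAIN = "DC=corp,DC=example,DC=com"
DIRECTORY = {  # constructed: sAMAccountName -> DN, sibling OUs under the domain
    "admin": f"CN=Admin,OU=AdminOU,{DOMAIN}",
    "alice": f"CN=Alice,OU=Users1,{DOMAIN}",
    "bsmith": f"CN=Smith\\, Bob,OU=Users1,{DOMAIN}",
}

if __name__ == "__main__":
    for base in (f"OU=AdminOU,{DOMAIN}", DOMAIN):
        print(base, "->", reachable(base, DIRECTORY))
```

With the base narrowed to the AdminOU container only the admin account is reachable; with the domain root as base, accounts in every sibling OU are.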

Guru Elite
Posts: 21,259
Registered: ‎03-29-2007

Re: AD LDAP authentication 6.4.3.4 times out

Your answer makes sense. I was checking to see if there is anything else that would explain the behavior, but there does not seem to be anything.


Colin Joseph
Aruba Customer Engineering
