Wireless Access

Occasional Contributor II

can someone provide some idea to solve this LDAP problem

I have now run into the following problem.

The Aruba AC3200 uses LDAP authentication with the external AD server. But now some wireless users cannot pass authentication, and for some of them the login must be case sensitive. A few other people can pass authentication smoothly.

They tried using another AC (in another city) to connect to the AD server, and there was no problem.

I will go to the customer site next week and I cannot get the AC's configuration now. I only know the Aruba 3200's version is 3.x.x.

May I ask if someone can provide some ideas for me to solve the problem? And what can I prepare?

 

Thank you very much.

Guru Elite

Re: can someone provide some idea to solve this LDAP problem

What kind of ldap server?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: can someone provide some idea to solve this LDAP problem

It's the Windows 2003 AD. 3Q

Guru Elite

Re: can someone provide some idea to solve this LDAP problem

The only solution to this is to switch to RADIUS for authentication. Active Directory's username authentication is not case sensitive, but when using LDAP to connect to Active Directory it IS case sensitive. If you switch to RADIUS, it will allow users to log in with any case.



Colin Joseph
Aruba Customer Engineering


Regular Contributor I

Re: can someone provide some idea to solve this LDAP problem

Hello cjoseph, in another case they mention a "shim" to load inside the Windows machine. I have the need to authenticate against some LDAP server instead of RADIUS (as I would prefer here), but the customer would like to use LDAP. I said "termination" on the controller and chose the eap-gtc type, and one of those 2: eap-tls / eap-peap.

After authentication via wpa2-aes/tkip it shows up some certificate to trust (this self-signed controller thingy), but authentication doesn't work.

Where to get this shim? I'm using Win7 with the zero-supplicant of Win7; perhaps using Intel ProSet would be the better option here.

 

regards

 

 

    
Guru Elite

Re: can someone provide some idea to solve this LDAP problem

The "shim" would be the PEAP-GTC plugin.  You can download this at http://support.arubanetworks.com under Tools for Windows XP, VISTA and Windows 7.  Intel ProSet does support an inner type of PEAP-GTC and is an alternative.

 

In the long run, loading software on every laptop and configuring it manually does not scale. If you configure RADIUS instead of LDAP, you can always use group policy to configure clients in an AD environment automatically without loading software.



Colin Joseph
Aruba Customer Engineering


Regular Contributor I

Re: can someone provide some idea to solve this LDAP problem

Yeah, I tried with Win7 64-bit where I have the full ProSet package, and PEAP/GTC worked, but I'm pushed into the wrong VLAN and don't know "why". In the AAA profile I set it to "authenticated" and I said the VAP belongs to the corporate VLAN, but I'm getting an IP of the guest network and don't know "why".

Besides, as information, I have to server_rules active, because I can't find the "internal" server rule named "ROLE". I can't choose it in the list; why? Other name, renamed? Or should it work without any server rule?

The default values: Machine Authentication: Default User Role -> guest. I didn't change them; should I change those to "authenticated" as well? I wonder why I'm pushed into the guest VLAN instead of the VLAN I set in the VAP. Do you see my error?

 

regards

Guru Elite

Re: can someone provide some idea to solve this LDAP problem

You should check your Default 802.1x role in the AAA profile.  You should also check what role the user gets when authenticated and see if that role has a VLAN in it.

 

Ultimately, you should turn on user debugging to see why it is ending up in that VLAN.

 



Colin Joseph
Aruba Customer Engineering


Regular Contributor I

Re: can someone provide some idea to solve this LDAP problem

Yep, perfect, works; changed from "guest" to "authenticated". Well, this is just a test, but perfect.

cjoseph, thanks again for being available 24/7 for us (you aren't some bot, or?)

Rumours (Aruba trainers) say: "oh well, this guy cjoseph is 24/7 awake, always online in the Airheads BB" ;-)

 

regards

benjamin
