Security

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

LDAP Server only work at second contact for PAP authentication

  • 1.  LDAP Server only work at second contact for PAP authentication

    Posted Oct 20, 2014 11:57 AM

     

    I am using CPPM RADIUS to authenticate user logons to all network devices.  Everything works very well except for one annoying issue with the PAP authentication method.

     

    PAP is the only RADIUS authentication method for Cisco, Nortel, and Airwave (let me know if I am wrong about Airwave; I don't want to use TACACS if I don't have to).

     

    The problem is you must log in twice.  The first time, it always fails with the message “Can’t contact LDAP server”, but if I log in again, then it works.  It behaves as if the user had entered a wrong password the first time, then re-entered the correct password the second time.

     

    LDAP servers are Windows 2012, CPPMs are 6.3.5.

     

    Regards,

     



  • 2.  RE: LDAP Server only work at second contact for PAP authentication
    Best Answer

    Posted Oct 20, 2014 11:53 PM
    What version of CPPM are you using? There was an issue in 6.4 that was fixed in 6.4.1.


  • 3.  RE: LDAP Server only work at second contact for PAP authentication

    Posted Oct 21, 2014 09:26 AM

    CPPM 6.3.5, but I just upgraded to 6.4.1.  Let's see if 6.4.1 fixes the problem.



  • 4.  RE: LDAP Server only work at second contact for PAP authentication

    Posted Oct 21, 2014 09:44 AM

    I’ve been blaming the System for months that their LDAP service was “sleeping”.  It feels like you have to wake it up with the first contact, then it works at the second contact.  But after upgrading CPPM to 6.4.1 last night, the problem was resolved.

     

    Regards!