Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Help with LDAP AD account to login into the 3400 Controller

  • 1.  Help with LDAP AD account to login into the 3400 Controller

    Posted Apr 13, 2020 08:41 AM

    So I have LDAP already set up and working. The issue is that when I set a server rule so that only certain users from an AD group are allowed to log in, it doesn't work. In my drop-down selection I do not have a memberOf selection. If I use Group-Name and change the allow local logon to no access, it doesn't work either. Can someone let me know what I should be using, please?

     

    MKP20_0-1586781584527.png

    As you can see, memberOf is not validated, but Group-Name is.



  • 2.  RE: Help with LDAP AD account to login into the 3400 Controller

    EMPLOYEE
    Posted Apr 13, 2020 08:57 AM

    Two suggestions:

     

    1.  Use the aaa query command to validate what LDAP attributes are returned for users:  https://www.arubanetworks.com/techdocs/ArubaOS_6_5_4_X_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/aaa_query_user.htm?Highlight=query

     

    2.  If the attribute does not appear in the dropdown, you can configure it on the command line in the server group using "set role..."  https://www.arubanetworks.com/techdocs/ArubaOS_6_5_4_X_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/aaa_server_group.htm?Highlight=server%20derivation

     

     



  • 3.  RE: Help with LDAP AD account to login into the 3400 Controller

    Posted Apr 13, 2020 09:04 AM

    Here is the query, and yes, the user is part of that group. I'll try it via CLI and see if that works.

     

    MKP20_0-1586782998814.png

     



  • 4.  RE: Help with LDAP AD account to login into the 3400 Controller

    EMPLOYEE
    Posted Apr 13, 2020 09:09 AM


  • 5.  RE: Help with LDAP AD account to login into the 3400 Controller

    Posted Apr 13, 2020 09:43 AM

    Ran these commands and got the same result in the CLI.

    MKP20_0-1586785302669.png

    MKP20_1-1586785378614.png

     

     



  • 6.  RE: Help with LDAP AD account to login into the 3400 Controller

    EMPLOYEE
    Posted Apr 13, 2020 09:46 AM

    Did you turn on debugging and look at the log after the user attempts to log in?



  • 7.  RE: Help with LDAP AD account to login into the 3400 Controller

    Posted Apr 13, 2020 09:55 AM

    Yes.

     

    MKP20_0-1586786081562.png

     



  • 8.  RE: Help with LDAP AD account to login into the 3400 Controller

    Posted Apr 13, 2020 11:14 AM

    So after all the research and attempts at this, using the attribute User-Name works. I'm not sure why I cannot use memberOf, but since User-Name is working, I'm going to use that. Thanks for the information you provided.



  • 9.  RE: Help with LDAP AD account to login into the 3400 Controller

    MVP GURU
    Posted Apr 13, 2020 12:25 PM

    Have you tried MemberOf with a capital M?

     

     



  • 10.  RE: Help with LDAP AD account to login into the 3400 Controller

    Posted Apr 13, 2020 12:47 PM

    No, I'll try that and see if that works.