08-07-2018 11:57 AM - edited 08-07-2018 11:58 AM
- Is it possible to have both RADIUS and LDAP Authentication working on the same Airwave server?
- Is LDAPS (LDAP over SSL) supported?
- Can you use a different port (636 instead of 389) for LDAPS?
Re: LDAP Authentication to Airwave Questions
08-07-2018 08:08 PM
1) Yes, you can do multiple remote access servers. The order will be RADIUS:TACACS:LDAP:LocalDB when remote auth is preferred. Known feature request to allow choosing the order, not enough customer interest to push it beyond the Product team.
2) Yes, LDAP-S is supported, with option to validate server certs.
3) Yes, you can choose different port.
This is all controlled from the AMP Setup -> Authentication tab.
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
08-16-2018 12:53 PM
Here is the solution I worked out with TAC.
- You can only have ONE authentication method enabled at a time.
So I had to Disable RADIUS authentication because I wanted to use LDAP. I was hoping to use both because our Network team prefers using RADIUS to authenticate, but our Help Desk uses LDAP.
- You must use LDAP with start-tls or clear-text authentication.
If I try to use ldap-s the AMP server doesn't even initiate any outbound traffic to the LDAP server.
- You must use the fully qualified BIND DN name. email@example.com doesn't work.
- Make sure the account you are logging in with is in the right search DN.
That's it. Everything is working now (except for RADIUS authentication).