Wireless Access

Reply
Highlighted
Contributor I

Captive Portal LDAP authentication failed

Hello, im trying to set up a captive portal authentication with LDAP server on an Aruba Controller. I successfully integrated the controller with the LDAP server, as seen in the AAA diagnostics test:

Pokekman_0-1602133383607.png

But when i connected to the SSID and tried to log into the captive portal, it shows authentication failed.

This is what i found from the log:

Oct 8 10:29:38 :133019:  <3560> <ERRS> |localdb|  User wifi was not found in the database
Oct 8 10:29:38 :133006:  <3560> <ERRS> |localdb|  User wifi Failed Authentication (Processing USER_REQUEST on UserDB)
Oct 8 10:29:38 :133121:  <3560> <WARN> |localdb|  make_response: Sending USERDB_REJ-msg to 127.0.0.1:8214 with msgtype:23 id:55 reqtype:1 dbtype:0
Oct 8 10:29:50 :133019:  <3560> <ERRS> |localdb|  User direksi1 was not found in the database
Oct 8 10:29:50 :133006:  <3560> <ERRS> |localdb|  User direksi1 Failed Authentication (Processing USER_REQUEST on UserDB)

Is there any configuration that i should do? 

Thank you.


Accepted Solutions
Highlighted
Guru Elite

Re: Captive Portal LDAP authentication failed


@Pokekman wrote:

Hello, im trying to set up a captive portal authentication with LDAP server on an Aruba Controller. I successfully integrated the controller with the LDAP server, as seen in the AAA diagnostics test:

Pokekman_0-1602133383607.png

But when i connected to the SSID and tried to log into the captive portal, it shows authentication failed.

This is what i found from the log:

Oct 8 10:29:38 :133019:  <3560> <ERRS> |localdb|  User wifi was not found in the database
Oct 8 10:29:38 :133006:  <3560> <ERRS> |localdb|  User wifi Failed Authentication (Processing USER_REQUEST on UserDB)
Oct 8 10:29:38 :133121:  <3560> <WARN> |localdb|  make_response: Sending USERDB_REJ-msg to 127.0.0.1:8214 with msgtype:23 id:55 reqtype:1 dbtype:0
Oct 8 10:29:50 :133019:  <3560> <ERRS> |localdb|  User direksi1 was not found in the database
Oct 8 10:29:50 :133006:  <3560> <ERRS> |localdb|  User direksi1 Failed Authentication (Processing USER_REQUEST on UserDB)

Is there any configuration that i should do? 

Thank you.


This means that your Captive Portal Authentication Profile server group is "default" which is pointing at the local database.  You need to create a server group that includes your LDAP server and then change your Captive Portal authentication profile to reference that server group so that it is authenticating to your LDAP server.

 

To be clear, the server (group) that is queried for Captive Portal is in the Captive Portal Authentication profile, NOT the AAA profile.  All the AAA profile does is put the user in the Initial user role, whose ACLs trigger a Captive Portal.  The Captive Portal Authentication Profile referenced in that initial user role is what decides the user store that is queried by the Captive Portal.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide

View solution in original post


All Replies
Highlighted
Super Contributor II

Re: Captive Portal LDAP authentication failed

Have you added the LDAP server correctly?

https://community.arubanetworks.com/t5/Controller-Based-WLANs/How-do-I-configure-LDAP-on-the-Aruba-controller/ta-p/184056


Also have you added the LDAP server in the AAA profile?

 

 

Dustin Burns
Senior Mobility and Access Engineer @WEI
ACMX #509 | ACCX #1272 | ACSP | ACDA | ACEP | CCNP | CCDP | CCNA Wireless

If my post address your queries, give kudos and accept as solution!
Highlighted
Contributor I

Re: Captive Portal LDAP authentication failed

Yes, i also followed that guide 

I have added the ldap server to the AAA profile

Highlighted
Super Contributor II

Re: Captive Portal LDAP authentication failed

And you checked this step?

4) Enable the termination in the controller with eap-peap and eap type as eap-gtc and no machine authentication as for now

 

 

 

Dustin Burns
Senior Mobility and Access Engineer @WEI
ACMX #509 | ACCX #1272 | ACSP | ACDA | ACEP | CCNP | CCDP | CCNA Wireless

If my post address your queries, give kudos and accept as solution!
Highlighted
Guru Elite

Re: Captive Portal LDAP authentication failed


@Pokekman wrote:

Hello, im trying to set up a captive portal authentication with LDAP server on an Aruba Controller. I successfully integrated the controller with the LDAP server, as seen in the AAA diagnostics test:

Pokekman_0-1602133383607.png

But when i connected to the SSID and tried to log into the captive portal, it shows authentication failed.

This is what i found from the log:

Oct 8 10:29:38 :133019:  <3560> <ERRS> |localdb|  User wifi was not found in the database
Oct 8 10:29:38 :133006:  <3560> <ERRS> |localdb|  User wifi Failed Authentication (Processing USER_REQUEST on UserDB)
Oct 8 10:29:38 :133121:  <3560> <WARN> |localdb|  make_response: Sending USERDB_REJ-msg to 127.0.0.1:8214 with msgtype:23 id:55 reqtype:1 dbtype:0
Oct 8 10:29:50 :133019:  <3560> <ERRS> |localdb|  User direksi1 was not found in the database
Oct 8 10:29:50 :133006:  <3560> <ERRS> |localdb|  User direksi1 Failed Authentication (Processing USER_REQUEST on UserDB)

Is there any configuration that i should do? 

Thank you.


This means that your Captive Portal Authentication Profile server group is "default" which is pointing at the local database.  You need to create a server group that includes your LDAP server and then change your Captive Portal authentication profile to reference that server group so that it is authenticating to your LDAP server.

 

To be clear, the server (group) that is queried for Captive Portal is in the Captive Portal Authentication profile, NOT the AAA profile.  All the AAA profile does is put the user in the Initial user role, whose ACLs trigger a Captive Portal.  The Captive Portal Authentication Profile referenced in that initial user role is what decides the user store that is queried by the Captive Portal.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide

View solution in original post

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: