Wireless Access

Frequent Contributor I

Help with LDAP AD account to login into the 3400 Controller

So I have LDAP already set up and working. The issue is that when I set a server rule so that only certain users from an AD group are allowed to log in, it doesn't work. In my drop-down selection I do not have a memberOf selection. If I use Group-Name and change the allow local logon to no access, it doesn't work either. Can someone let me know what I should be using, please?

 

MKP20_0-1586781584527.png

As you can see, memberOf is not validated, but Group-Name is.

Guru Elite

Re: Help with LDAP AD account to login into the 3400 Controller

Two suggestions:

 

1. Use the aaa query command to validate what LDAP attributes are returned for users: https://www.arubanetworks.com/techdocs/ArubaOS_6_5_4_X_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/aaa_query_user.htm?Highlight=query

2. If the attribute does not appear in the dropdown, you can configure it on the command line in the server group using "set role...": https://www.arubanetworks.com/techdocs/ArubaOS_6_5_4_X_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/aaa_server_group.htm?Highlight=server%20derivation

 

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Frequent Contributor I

Re: Help with LDAP AD account to login into the 3400 Controller

Here is the query, and yes, the user is part of that group. I'll try it via CLI and see if that works.

 

MKP20_0-1586782998814.png

 

Guru Elite

Re: Help with LDAP AD account to login into the 3400 Controller

Lastly, you should enable LDAP debugging:  https://community.arubanetworks.com/t5/Command-of-the-Day/COTD-Debugging-LDAP/td-p/91

 

 


Frequent Contributor I

Re: Help with LDAP AD account to login into the 3400 Controller

Ran these commands and got the same result in the CLI.

MKP20_0-1586785302669.png

MKP20_1-1586785378614.png

 

 

Guru Elite

Re: Help with LDAP AD account to login into the 3400 Controller

Did you turn on debugging and look at the log after the user attempted to log in?


Frequent Contributor I

Re: Help with LDAP AD account to login into the 3400 Controller

yes

 

MKP20_0-1586786081562.png

 

Frequent Contributor I

Re: Help with LDAP AD account to login into the 3400 Controller

So after all the research and attempts at this, using the attribute User-Name works. I'm not sure why I cannot use memberOf, but since User-Name is working I'm going to use that. Thanks for the information you provided.

Super Contributor II

Re: Help with LDAP AD account to login into the 3400 Controller

Have you tried MemberOf with a capital M?

 

 

Dustin Burns
Senior Mobility and Access Engineer @WEI
ACMX #509 | ACCX #1272 | ACSA | ACDA | ACEA | CCNP | CCDP | CCNA Wireless

If my post addresses your queries, give kudos and accept as solution!
Frequent Contributor I

Re: Help with LDAP AD account to login into the 3400 Controller

No, I'll try that and see if that works.
