Community Home > Discuss > Technology > Wireless Access > Re: Version 8 inter grated with LDAP

Wireless Access

Reply
AmrShawky
Occasional Contributor II
AmrShawky

Version 8 inter grated with LDAP

‎05-07-2019 06:41 AM - last edited on ‎05-08-2019 01:26 AM by MVP Guru

i can not make an authenticated between aruba ctr and LDAP with below config 

version 8

 

aaa authentication-server ldap "LDAP server"
host 192.168.100.1
admin-dn "hqadmin@beshaysteel.com"
admin-passwd <removed>
allow-cleartext
base-dn "dc=beshaysteel,dc=com"
preferred-conn-type clear-text
!
aaa authentication-server ldap "LDAP server 2"
host 192.168.100.2
admin-dn "cn=HQAuth,ou=DomainAdmins,ou=HQ,ou=BeshaySteel,dc=beshaysteel,dc=com"
admin-passwd <removed>
allow-cleartext
base-dn "ou=HQ,ou=Beshay-Steel,dc=beshayst

Alert a Moderator
Message 1 of 18
571 Views
Tags (1)
Reply
0 Kudos
Guru Elite Guru Elite
Guru Elite
cjoseph

Re: Version 8 inter grated with LDAP

‎05-07-2019 06:44 AM

Did you use something like LDAP browser to double-check your ldap settings?


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Alert a Moderator
Message 2 of 18
565 Views
Reply
0 Kudos
AmrShawky
Occasional Contributor II
AmrShawky

Re: Version 8 inter grated with LDAP

‎05-07-2019 06:51 AM - last edited on ‎05-08-2019 01:27 AM by MVP Guru

no. i have not but i have many systmes that integrated with ldpa like fortigate .

 

this the new configure

 


aaa authentication-server ldap "LDAP server"
host 192.168.100.1
admin-dn "CN=HQAuth,CN=Users,DC=beshaysteel,DC=com"
admin-passwd <removed>
allow-cleartext
base-dn "dc=beshaysteel,dc=com"
preferred-conn-type clear-text
!
aaa authentication-server ldap "LDAP server 2"
host 192.168.100.2
admin-dn "CN=HQAuth,CN=Users,DC=beshaysteel,DC=com"
admin-passwd <removed>
allow-cleartext
base-dn "dc=beshaysteel,dc=com"
preferred-conn-type clear-text
!

Alert a Moderator
Message 3 of 18
558 Views
Reply
0 Kudos
Guru Elite Guru Elite
Guru Elite
cjoseph

Re: Version 8 inter grated with LDAP

‎05-07-2019 08:10 AM

If this is active directory you are connecting to, you need to add a single parameter:

 

key-attribute sAMAccountName


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Alert a Moderator
Message 4 of 18
533 Views
Reply
0 Kudos
AmrShawky
Occasional Contributor II
AmrShawky

Re: Version 8 inter grated with LDAP

‎05-07-2019 01:30 PM

yes this is AD, this  parameters was appera in GUI normaly in the server paramters 

Alert a Moderator
Message 5 of 18
517 Views
Reply
0 Kudos
AmrShawky
Occasional Contributor II
AmrShawky

Re: Version 8 inter grated with LDAP

‎05-07-2019 01:45 PM

is this logs appera the issue ?

 

 

May 7 16:22:26 authmgr[5546]: <199802> <5546> <ERRS> |authmgr| ldapclient.c, ldap_client_bind_admin_cb:922: LDAP Server LDAP server: Error in Binding Admin to server: Timeout or Network error
May 7 16:22:28 dot1x-proc:1[5993]: <199802> <5993> <ERRS> |dot1x-proc:1| ldapclient.c, ldap_client_bind_admin_cb:922: LDAP Server LDAP server: Error in Binding Admin to server: Timeout or Network error
May 7 16:22:28 dot1x-proc:2[5996]: <199802> <5996> <ERRS> |dot1x-proc:2| ldapclient.c, ldap_client_bind_admin_cb:922: LDAP Server LDAP server: Error in Binding Admin to server: Timeout or Network error

Alert a Moderator
Message 6 of 18
514 Views
Reply
0 Kudos
Guru Elite Guru Elite
Guru Elite
cjoseph

Re: Version 8 inter grated with LDAP

‎05-07-2019 02:32 PM

See if you can ping the LDAP server from the controller.  It doesn't seem to be answering.  Does your LDAP server answer on port 636 or 389?


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Alert a Moderator
Message 7 of 18
506 Views
Reply
0 Kudos
AmrShawky
Occasional Contributor II
AmrShawky

Re: Version 8 inter grated with LDAP

‎05-07-2019 02:35 PM

i can ping the ldap "all in same subnet" , i try using 2 ports and as result, authenicated failed

Alert a Moderator
Message 8 of 18
504 Views
Reply
0 Kudos
Guru Elite Guru Elite
Guru Elite
cjoseph

Re: Version 8 inter grated with LDAP

‎05-07-2019 02:49 PM

I would use an LDAP diagnostic tool like ldapsearch or Softerra LDAP browser to ensure that your parameters and port are correct.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Alert a Moderator
Message 9 of 18
501 Views
Reply
0 Kudos
Highlighted
AmrShawky
Occasional Contributor II
AmrShawky

Re: Version 8 inter grated with LDAP

‎05-07-2019 03:05 PM

did you think that the issue in server not cntr.

 

the aruba configuration is same as fortigate configuration regarding ldap . fortigate work but cnt no

Alert a Moderator
Message 10 of 18
495 Views
Reply
0 Kudos
Search Airheads
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

© Copyright 2019 Hewlett Packard Enterprise Development LP
All Rights Reserved.
Powered by Lithium