Cisco :: WLC 4400 - Web Authentication Using LDAP

Mar 14, 2011

I have some problems integrating WLC 4400 with AD using ldap. The the WLC LDAP Server and W LAN for Web Authentication are configured according to [URL].
 
when I connect to SSID the laptop is given the ip address, then I can see the web-page with lo gin and password - it seems to be OK, but when I enter lo gin and pass it tells me, that it's incorrect.  
 
The attributes of the LDAP server:
 
Server Address                              *.*.*.*
Port Number                                 389        
User Base DN                                ou=ORG,dc=domain,dc=local
User Attribute                              userPrincipalName         
User Object Type                            Person
 
the test user is located in AD folder ORG, but this folder also contains a lot of sub trees
 
There are some questions:

1) Is it obligatory to use value "Authenticated" in the Simple Bind option or it can be Anonymous?
2) Is the Controller capable for searching the users located in User Base DN sub trees?
  
Here is some debug from the controller:
 
667: LDAP_CLIENT: UID Search (base=.....
669: LDAP_CLIENT: ldap_search_ext_s returns 0 85
669: LDAP_CLIENT: Returned 1 msgs including 0 references
[Code]....

View 6 Replies


ADVERTISEMENT

Cisco VPN :: LDAP Authentication On ASA 8.2(1)

Oct 29, 2011

i am facing an issue while trying to configure LDAP integration on Cisco ASA firewall. The requirement is allow the remote access VPN to specific group defined on AD. When i checked the debug logs " debug ldap 255" , it shows that the authenication is sucessfull with the LDAP server , but the ldap attribute is not getting mapped and because of this reason , the tunnel-group default group policy of "NOACCESS" is getting applied ( vpn simultanous set to zero) that results zero connection.
 
I confirmed this by changing the value of NOACCESS from zero to one and found that the VPN is getting connected
 
The name of user account is testvendor that belongs to the group of Test-vendor. 
 
The configuration and debug output is shown below.
 
SHOW RUN
ldap attribute-map ABC-VENDOR
map-name  memberOf Group-Policy

[Code]....

View 5 Replies View Related

Cisco :: WLC 2504 And LDAP Authentication?

Mar 29, 2012

i am trying to get ad authentication working on a WLC 2504, can I use the LDAP server configuration for authentication?

View 1 Replies View Related

Cisco VPN :: ASA 5505 - VPN Authentication Via LDAP?

Oct 16, 2011

I have cisco ASA 5505 with security plus, i configured remote VPN with ASA for LDAP authentication which works as i want. Now i have a requierment that some users needs to get access via remote VPN but they are not part OUR SERVER Active directory, Is that a possibility that users have an access of remote VPN while not creating an account in AD and perfrom local authentication via firewall for them?

View 1 Replies View Related

Cisco :: Prime LMS 4.2.3 And LDAP Authentication

May 5, 2013

I'm trying to get my LMS 4.2.3 to do LDAP authentication up against our Windows 2008 R2 Domain.url...

As far as I can see It all has to do with LMS not being able to get a functional connection to the AD that allows for LDAP query's: [code] How does this LDAP thingie work? The documentation states that I must supply a specific user to the Usersroot, since I'm on a 2008 domain, but where do I provide the password for this account, so LMS can log in and do its LDAP queries?

View 0 Replies View Related

Cisco :: LDAP Web Authentication With WLC2006?

May 8, 2011

Is LDAP web authentication supported on the  AIR-WLC2006-K9?  There is a place to add LDAP servers in there but I can't seem to get the web authentication piece of it to work.  I saw some idications on forum posts online that made me think that it wasn't supported but I never found a definitive cisco answer.  I have it set up and working great on a 5508 wireless controller.

View 1 Replies View Related

AAA/Identity/Nac :: ASA 8.3 LDAP Authentication For SSL VPN

May 16, 2011

I am having a problem getting an ASA running 8.3 to authenticate an SSL VPN directly against an LDAP on Windows Server 2003.  I have changed the read access on the Active Directory to allow Annonymous to read it.  I think I am missing something on the ASA config.  I have the Server Group specified with the address of the correct server but nothing else really configured. 

View 1 Replies View Related

Cisco Wireless :: Web Authentication Using LDAP On WLC 4402?

Dec 18, 2011

We are attempting to use LDAP for web authentication on a WLC 4402. 
 
[URL]
 
You are able to connect to the SSID and it reidrects you to the login page as it should.  When you enter your username and password you get a message that "the username and password combination you have entered is invalid." Based on the following log it looks like the LDAP bind is the issue.
 
*LDAP DB Task 1: Dec 19 11:19:26.584: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
 
We are able to test the following configuration with ldp.exe successfully,
 
Server: ***.***.***.***
Port Number: 389
Bind Username: CiscoBYOT

[Code].....

View 2 Replies View Related

Cisco :: WLC 5508 And LDAP Web-Authentication (Routing)?

Aug 13, 2012

I have two WLC5508 controllers configured with multiple SSIDs and a VLAN associated to each of them. Now I am deploying a pilot for Web-Authentication and everything seems to be fine except for the LDAP authentication part. I have done all the steps for enabling anonymous bind on Active Directory (AD) and the configuration on the controller is properly in place. I know the configuration is working fine because I have isolated the problem to some sort of routing or communication problem:
 
Controller Interfaces:
 
Management Interface - Vlan 1, (X.X.148.99)
Student Interface - Vlan 2 (X.X.132.99)
Mobile Devices interface - Vlan 28
Web authentication interface - Vlan 31
 
AD is on Vlan 2 (Student Interface range)Each interface has its own IP in a different IP range.
 
If there is an IP address configured on the Vlan2 interface, LDAP wont work. If there isnt an IP address on the Vlan 2 Interface LDAP works!So you may think I just should not configure an IP for that particular Vlan, but if do this, the controller wont allow to associate any WLAN to that particular Vlan interface and unfortunately I am using it.
 
I think the Controller uses the Management interface to send traffic to the LDAP server and it gets confused of getting a reply from a device which belongs to the Vlan 2 Interface IP range (AD is on Vlan 2).
 
I know the controller is a Layer 2 device, so I am not sure why it should need an IP address to be configured for each interface, I read it is used just for roaming purposes but it seems to be somehow related to LDAP communication process as well.
 
The strange thing is that I can access the management interface IP from the Vlan 2 range and there is not problem at all.
 
PD: Controller 5508, Software version: 7.0.230.0

View 6 Replies View Related

AAA/Identity/Nac :: ACS 5.2 Local Authentication With LDAP?

Sep 13, 2011

is it possible to validate the ACS Application Accounts against an external repository like LDAP? I have found that LDAP can be used only as Identity store to authenticate users on AAA clients and Network devices.

View 0 Replies View Related

AAA/Identity/Nac :: ASA 5510 - LDAP Authentication

Mar 2, 2011

I have a problem with LDAP authentication. i have an Cisco Asa5510 and windows 2008 R2 server. i create LDAP authentication.
 
aaa-server LDAPGROUP protocol ldapaaa-server LDAPGROUP (inside) host 10.0.1.30 server-port 389 ldap-base-dn dc=reseaux,dc=local ldap-naming-attribute sAMAccountName ldap-login-password ***** ldap-login-dn CN=user,OU=Utilisateurs,DC=reseau,DC=local server-type microsoft
 
but when i test, i have an error (user account work directly in server)
 
test aaa-server authentication LDAPGROUP host 10.0.1.30 username user password *****
INFO: Attempting Authentication test to IP address <10.0.1.30> (timeout: 12 seconds)ERROR: Authentication Rejected: Unspecified

View 11 Replies View Related

Cisco :: Can't Do Radius Authentication Via WLC 4400

Jan 3, 2013

I am configuring an old WLC4400 with V4.2.130.0. I added a new sub-interface for VLAN 50 with proper IP for the subnet and then add the Radius server(Windows server 2008 with NPS) onto WLC4400. I then created new WLAN with WPA+WPA2 Encryption and 802.1x key management and selected the Radius server under AAA for authentication.
 
Configured the test XP with WPA-Enterprise and PEAP as EAP method. I purposely configured computer to prompt for username and password.
 
When I try to connect, I did get prompt for username and password. However after that nothing happens. It seems like laptop just keep trying to authenticate.
 
I checked windows event log and do not see anything under NPS. I know this windows server NPS setup works as it is also the authentication server for our remotevpn.
 
is there any special option I need to turn on for WLC in order for Radius authentication work? Or is there any known bug with V4.2.130.

View 13 Replies View Related

Cisco VPN :: ASA5510 LDAP Authentication Across W2K3 AD Domains?

Dec 8, 2010

Does the LDAP authentication work across W2K3  Active Directory domains and multiple ASA5510 firewalls? Or do I need to setup another type of authentication? If I use another type of authentication can I get specific portals with special bookmarks based on login account?

View 4 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 LDAP Authentication With Apple Mac OS X Server?

Jan 24, 2012

Does Cisco Secure ACS 5.3 support LDAP authentication with Apple Mac OS X server? One  of our clients require an access control system. The major portion of  the network consists of Apple Mac OS X 10.7 (Lion) Server and clients.  They were using MAC-address based authentication along with LDAP through  Cisco Wireless LAN Controller. But now the number of users has exceeded  the maximum number of MAC addresses supported by WLC (2048). Hence we  suggested ACS appliance to overcome the limit. My doubt is whether ACS  5.3 appliance can communicate with the Mac server and perform LDAP  authentication.

View 2 Replies View Related

Cisco VPN :: ASA 5510 VPN Authentication With LDAP Password Change

Mar 3, 2013

i have following problem. I configured on a Cisco ASA5510 VPN authentication with LDAP. It works fine but one thing doesnt works.If i configure on my Active Directory the user for "User must change Password at next login" the message for password change is coming (look screenshot AnyConnect1), but if the user want to change his password, the password will not accepted by the system(look screenshot AnyConnect2).In the Group Policies on my Active Directory i disabled all features(look screenshot Pic1)I tried all combination for the password, but nothing will accepted.i configured LDAP over SSL and in the Tunnel Group i enabled the password management with "NOtify User 2 days prior to password expiration".

View 3 Replies View Related

Cisco Wireless :: 5508 - EAP-FAST Authentication In WLC With ACS-LDAP

May 9, 2012

We are using WLC-5508 in our corporate. For authenication we have implemented ACS with LDAP configured as external user database. We can able to get authenicated for Web based authenication. When it is configured for EAP-FAST, authenitication is not happening.

View 3 Replies View Related

Cisco Wireless :: 5500 LDAP And Local AAA Authentication On WLC

May 5, 2013

Is it possible to use both LDAP (to Active Directory) authentication for a WLAN defined on a 5500 series controller, and use the local user account database (AAA) for the guest vlan?

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.1 Configuring LDAP With Secure Authentication?

Mar 15, 2012

I am setting up an LDAP identity store over ldaps in ACS 5.1.  I specify that the connection uses secure authentication and provide the Root CA certificate.  When I hit "Test Bind to Server", I get this error message in a popup window: "Connection test bind Failed :server certificate not found"Is this saying that ACS can't find the CA certificate uploaded, or does it mean the actual certificate presented by my LDAPS server during the bind test? 

View 2 Replies View Related

Cisco Wireless :: 5508 Web Authentication With Encryption And LDAP?

Jul 18, 2012

From what I've read, it doesn't seem possible to use Web Authentication and obtain encryption unless using a Radius server.
 
I have a client asking for web auth, encryption, and ldap connection to their AD servers.

View 4 Replies View Related

Cisco VPN :: ASA 5505 LDAP Authentication With Openldap And Groups

Oct 5, 2010

I'm trying to set up my Cisco ASA 5505 to authenticate against and openldap server. Authenticate with a user's LDAP username and password is working fine.
 
I've hit Google pretty hard but can't seem to find a simple answer.  It seems like RADIUS might be easier for this kind of thing, but I haven't gotten that set up yet and my familiarity with RADIUS is pretty minimal right now.

View 6 Replies View Related

Cisco Wireless :: WLC 2504 Authentication Based On AD / LDAP

May 17, 2012

What are the possibilities for configuring a WLC to authenticate WLAN users based on their Active Directory user account?
 
Is this possible by setting up local EAP on the WLC?
 
I’ am looking for a solution where there are no changes to the Domain Controller involved and also no setting op IAS/RADIUS.
 
WLC:2504

View 8 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.1 / PEAP (EAP-GTC) Machine Authentication With LDAP?

Aug 19, 2012

Cisco 5508 wireless controllerCisco ACS 5.1LDAP connection I have setup the wireless controller to do RADUIS authentication with the ACS 5.1 using LDAP. The setup is currently working, Brief info below on setup.
 
I setup the PC client to use WPA2-Enterprise AES and authentication method CISCO PEAP. When I connect to the SSID this will prompt for a username and password. I will enter in my AD details and the ACS with the LDAP connection will authenicate and on the network I go.
 
Now I want to add machine authentication with CERTIFICATES, each laptop and pc in our network has CA certificates installed.
 
way that I can add these certificates into the ACS 5.1 so I pretty much want to import them into the ACS. Once they are imported inside I want the ACS to check that the certificates are on the PC and then prompt for the AD username and password, and only once it meets these two conditions it allows the workstation onto the network.So it will be a two form authentication one with certificates and the other ldap.

View 18 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.2 Integration With LDAP For User Authentication

Dec 17, 2011

While configuring LDAP , I got struck in  “Step 3 - Directory Organization”. How to make this work? My aim is to make users authenticated from their windows domain usernames and passwords while they log in to AAA clients.

View 1 Replies View Related

Cisco :: 4400 / 5508 Controllers - 802.1x Re-Authentication

Mar 28, 2012

Currently in the process of migrating from psk to 802.1x radius environment using a mix of 4400 and 5508 controllers with WCS using Microsoft ias.  The problem I have is there is a lot of shared iPads and tablets in the environment.  Is there a way to force these user to relogin to radius after a certain time period so they are not  sharing unames and passwords?

View 1 Replies View Related

Cisco :: Wireless 4400 - Customized Web Authentication

Aug 4, 2011

I posted a few days ago but don't have a good response.  I've dig high and low and haven't come across a solution yet.  I've been trying to get a customized web Authentication typed.  I didn't need a user name or password to get through.  All I need is a web pass through and an accept button at the end of the HTML agreement policy or splash page.
 
I was able to create a log in.HTML and download to the wireless controller, but my problem is how would I get an agree button and when a user click on it and it would redirect to a website. I've followed the following link but no luck. {URL}. the link doesn't tell me weather I should create an accept button manually or is there a setting on the controller that need to check?  the link also provide some info. about: Configure Client Machine for Web Pass through, but where should I download the Cisco Aironet Desktop Utility?  I've download ACUv502005.exe file for my windows 7 but after the installation it didn't work for me. if you know how to configure the web-pass through.  I been working for this for a week now and didn't find the info. that I was looking for.

View 1 Replies View Related

Cisco Firewall :: ASA 5520 SSL VPN LDAP Authentication Configuration Required

Oct 16, 2012

I've gotten to the point where I can test against active directory and get in, also I can get AD groups from my server on the ASA. My problem, I can't connect in via my AnyConnect client on my Android. I immediately get a "log in failed" and I know I'm using the right username/pass. Doing a little troubleshooting, I have attached my AnyConnect debug log and the results of the "debug ldap 255" command on the ASA. Also, I've used ldp.exe to determine I can connect in with the username/password combo I'm using.Combing through the AnyConnect logs I see a few instances of "global error unexpected" but no Google searches have brought up anything useful.

View 7 Replies View Related

Cisco :: WLC 5508 Active Directory / LDAP Integration For Authentication?

May 18, 2011

I am deploying Redundant WLC 5508 with 4 VLANs and 4 SSIDs Match to it, Everything works Fine, now i need to do the below:
 
1. I need All Wireless Users need to authenticated with Existing Active Directory/LDAP

2. I will Create Guest Accounts in my AD , and pass to Guests, Then Guest should only Access Internet except Corporate Resources

2. How can i secure my Voice VLAN for Wireless Phones. I want only WIreless Phones to Connect to Voice VLAN.No internet Access on Voice VLan

View 4 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.2 - LDAP Authentication Works / Authorization Fails

Oct 24, 2011

I set up LDAP store pointing to a Windows domain and am testing authenticating users via an ASA.  In my LDAP config, its set for "Groups Objects refer to subjects" and I selected usernames in the drop down.  I also added a a Global Group to the Directory groups tab in the LDAP store that I created.
 
Under my Access Polices, I created a rule that meets two condititons - coming from the ASA, and then I was able to select the group from the drop down box for my ldap domain.  As a condition, it shows up as DomainName:External Groups.  I set the permission to Permit Access.
 
Originally, I was failing authentication and I was receiving Subject Not Found in Store.  I adjusted the Identity Sequence and now I receive a the following error:
 
15039:  Selected Authorization Profile is Deny Access.  So it must not be associating my account with the group with the Permit Access and using the Default Permissions.So it does match the correct Access Service, and Identity Store.

View 1 Replies View Related

Cisco :: Local EAP Authentication On WLC2112 With EAP-FAST / LDAP Server?

Oct 11, 2009

I'm having a problem configuring local EAP Authentication using CA (Windows Server) and LDAP server. I followed the URL:

[URL]

but it seems that CA has no effect. Any wireless client who has his own LDAP account can access to the network.What I want is just allow some wireless clients to access if they have approved CA before.

View 2 Replies View Related

Cisco VPN :: 5505 - LDAP Authentication And Local User Database

Mar 14, 2011

How i can use both LDAP Authentication and local user database to authenticate the remote vpn clinet in asa 5505?
 
when i try to do the things either only one method is working both are not working at a time.

View 3 Replies View Related

Cisco :: 2504 LDAP Setting Up To Accept Authentication Based On Device

Aug 19, 2012

How can I setup the WLC to accept authentication based on the device itself and not a user?

View 7 Replies View Related

Cisco :: 5508 WLC Connect LDAP For Authentication / But Could Not Connect

Aug 9, 2011

I got a problem when I use WLC 5508 connect to LDAP for authentication, but no luck there, it's a simple config, but not easy to work on my job, I got the following messgae. [code]

View 9 Replies View Related

Cisco :: LDAP Password In ASA Configuration?

Nov 2, 2011

Is it possible to encrypt password provided for the ldap-login-password attribute in the ASA configuration? Our auditor is not comfortable with the LDAP (AD) password appearing in clear text in the configuration

View 6 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved