LDAP With RFS6000 and WinServer 2003

Vedsatx Saddvv, 2 years 10 months ago

I have a problem with LDAP with RFS6000 x WinServer 2003. When I try to connect I receive a message from "system logging" at the RFS, "user invalid". I followed the document from Motorola. Can someone help me? This is my configuration:

    RFS6000 V4.3.2.0-012R
    RFS6000(config)# wireless
    RFS6000(config-wireless)# wlan 1 description LDAP-DOT1X
    RFS6000(config-wireless)# wlan 1 ssid LDAP-DOT1X
    RFS6000(config-wireless)# wlan 1 vlan 40
    RFS6000(config-wireless)# wlan 1 radius dynamic-vlan-assignment enable
    RFS6000(config-wireless)# wlan 1 encryption-type ccmp
    RFS6000(config-wireless)# wlan 1 authentication-type eap
    RFS6000(config-wireless)# wlan 1 radius server primary 192.168.10.12
    RFS6000(config-wireless)# wlan 1 radius server primary radius-key 0 hellomoto
    RFS6000(config-wireless)# wlan 1 radius reauth 3600
    RFS6000(config-wireless)# wlan 1 enable
    RFS6000(config-wireless)# Ctrl^Z
    RFS6000(config)# radius-server local
    RFS6000(config-radsrv)# nas 192.168.10.12/32 key 0 hellomoto
    OR
    RFS6000(config-radsrv)# nas 192.168.10.0/24 key 0 hellomoto
    RFS6000(config-radsrv)# authentication data-source ldap
    RFS6000(config-radsrv)# authentication eap-auth-type peap-gtc
    RFS6000(config-radsrv)# ldap-group-verification enable
    RFS6000(config-radsrv)# ldap-server primary host 192.168.10.6 port 389 login "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})" bind-dn "cn=rfswitch,cn=Users,dc=vicunha,dc=com,dc=br" base-dn "cn=Users,dc=vicunha,dc=com,dc=br" passwd 0 "hellomoto" passwd-attr "UserPassword" group-attr "cn" group-filter "(|(&(objectClass=group)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-userDn})))" group-membership "radiusGroupName" net-timeout 1
    RFS6000(config-radsrv)# group "Vicunha"
    RFS6000(config-radsrv-group)# policy wlan 1
    RFS6000(config-radsrv-group)# policy day Weekdays
    RFS6000(config-radsrv-group)# policy time start 07 00 end 18 00
    RFS6000(config-radsrv-group)# Ctrl^Z
    RFS6000(config)# service radius
    RFS6000(config)# Ctrl^Z
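The login and group filters in the configuration above use FreeRADIUS-style %{...} macros, and a "user invalid" result usually means the expanded login filter matched no entry under the base-dn. The script below is an added illustration, not Motorola/RFS6000 code and not part of the original post: it expands those two templates for several User-Name forms (plain, user@realm, DOMAIN\user) so you can see exactly which sAMAccountName the controller would ask AD for, and it applies RFC 4515 escaping to the substituted value so a username cannot alter the filter structure. The strip_realm function is an assumption about how Stripped-User-Name is derived; attribute-name lookup is case-insensitive because the page's group-filter spells Ldap-UserDn two ways.

```python
"""Expand %{...} macros in RFS6000-style LDAP filter templates (added example)."""
import re

# Templates copied from the configuration in the question.
LOGIN_FILTER_TEMPLATE = "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})"
GROUP_FILTER_TEMPLATE = (
    "(|(&(objectClass=group)(member=%{Ldap-UserDn}))"
    "(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-userDn})))"
)

# Matches one macro with no nested braces inside, so inner macros expand first.
MACRO_RE = re.compile(r"%\{([A-Za-z-]+)(?::-([^{}]*))?\}")


def strip_realm(user_name):
    """Assumed Stripped-User-Name derivation: drop '@realm' or 'DOMAIN\\' parts.
    Returns None when nothing was stripped (attribute absent -> default used)."""
    if "@" in user_name:
        return user_name.split("@", 1)[0]
    if "\\" in user_name:
        return user_name.split("\\", 1)[1]
    return None


def escape_filter_value(value):
    """RFC 4515 escaping of an assertion value: '*', '(', ')', '\\' and NUL
    become \\xx hex escapes.  Braces are escaped too (also valid per RFC 4515)
    so an escaped value can never be mistaken for macro syntax by expand()."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "*()\\\x00{}" else ch for ch in value
    )


def expand(template, attrs):
    """Repeatedly substitute %{Attr} / %{Attr:-default} until nothing changes.
    Attribute values are escaped on substitution; a default is a literal that
    was either written by the admin or already escaped in an earlier pass."""
    lookup = {k.lower(): v for k, v in attrs.items()}  # case-insensitive names

    def repl(match):
        name, default = match.group(1), match.group(2)
        value = lookup.get(name.lower())
        if value is not None:
            return escape_filter_value(value)
        return default if default is not None else ""

    previous = None
    while previous != template:
        previous = template
        template = MACRO_RE.sub(repl, template)
    return template


def build_filters(user_name, user_dn):
    """Return (login_filter, group_filter) as the controller would send them.
    user_dn is the DN the login search found; here it is supplied by the caller."""
    attrs = {"User-Name": user_name}
    stripped = strip_realm(user_name)
    if stripped is not None:
        attrs["Stripped-User-Name"] = stripped
    login_filter = expand(LOGIN_FILTER_TEMPLATE, attrs)
    attrs["Ldap-UserDn"] = user_dn
    group_filter = expand(GROUP_FILTER_TEMPLATE, attrs)
    return login_filter, group_filter


if __name__ == "__main__":
    # Constructed sample identities; the DN mirrors the base-dn style on the page.
    dn = "cn=alice,cn=Users,dc=example,dc=com"
    for name in ("alice", "alice@example.com", "EXAMPLE\\alice", "*)(objectClass=*"):
        login, group = build_filters(name, dn)
        print("%-20s -> %s" % (name, login))
    print(group)
```

Run it and compare the printed login filter with an ldapsearch against the same base-dn using the bind-dn credentials: if the expanded filter returns nothing from cn=Users, the controller will report the user as invalid before any password check happens. The last sample shows that a crafted username is neutralised by escaping rather than changing the filter.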


1 Replies

Marcus Kurath

The LDAP syntax is very specific as far as the location of the users directory, the bind user and many other things. I've attached a doc which I used to config a working scenario (Kevin Marshall provided it). I'll follow with a config. Keep in mind: the bind user must be stored in AD with reversible encryption; the rest of the users do not need this config. I also have some traces showing the successful bind, which is the first step, then auth of the individual user.
