Hello everyone, I'm trying to configure LDAP authentication on an e400 AP (software version 3.6-r16). In the attached image you find the configuration of the Services section.
The corporate Domain Controller is on the same network as the access point. The DC is a Windows Server 2012 R2 server and TCP port 389 is open on the local firewall. In the Guest Access section of the WLAN Guest, I set the connection strings following the instructions.
When I try to enter a username and password from the portal using an Android smartphone with Chrome, I get an error message like this:
By enabling the debug logs on the Access point I get these messages.
2018-04-01 09:54:46 1667 device-agent.c:363:da_alive_cb
2018-04-01 09:54:49 1667 wifi.c:1094:Got fcgi request 11
2018-04-01 09:54:49 1667 wifi.c:1118:fcgi_recv_cb: MSG_EXEC_CMD received
2018-04-01 09:54:49 1667 exec-cmd.c:844:Command from 2018-04-01 09:54:49 1667 log.c:207:start_cns_logging: Send log history (10 lines)
Apr 01 09:55:13: wifid : Login request received for client[XX-XX-XX-XX-XX-XX] (hotspot.c:1523)
Apr 01 09:55:13: wifid : Handling hotspot login request for user[domain.ofc\user] from LDAP Server[192.168.0.10]
Apr 01 09:55:13: wifid : LDAP session initialized for client [XX-XX-XX-XX-XX-XX] on ssid[domain-GUESTS] from server[192.168.0.10] (ldap.c
Apr 01 09:55:13: wifid : LDAP server bind failed: Invalid credentials for client [XX-XX-XX-XX-XX-XX] from server[192.168.0.10] (ldap.c:94
I checked the credentials several times and they are correct.
Can someone tell me what I'm doing wrong? Thank you
What name are you entering in the "Username" field of the captive portal page?
As per the log, you are entering "domain.ofc\user". If your user is "user", can you please try entering only the username, i.e. "user", without domain details in the captive portal authentication page?
I have tried without domain info.
The username is guestwifi
Apr 02 14:26:10: wifid : Login request received for client[XX-XX-XX-XX-XX-XX] (hotspot.c:1523)
Apr 02 14:26:10: wifid : Handling hotspot login request for user[guestwifi] from LDAP Server[192.168.0.10]
Apr 02 14:26:10: wifid : LDAP session initialized for client [XX-XX-XX-XX-XX-XX] on ssid[WIFI-GUESTS] from server[192.168.0.10] (ldap.c
Apr 02 14:26:10: wifid : LDAP server bind failed: Invalid credentials for client [XX-XX-XX-XX-XX-XX] from server[192.168.0.10] (ldap.c:94
Furthermore the "Login" button does not seem to work properly. If I press it after entering the credentials, it does not seem to send any commands to the AP and if I try again, it immediately returns the authentication error.
I also tried from a PC with 3 different browsers but always with the same result.
Local authentication works fine.
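The log excerpts in the posts above, run through a small triage script (an added example, not part of the thread or of the vendor's tooling): it pairs each hotspot login request with the bind failure that follows it and labels the username form, so attempts can be compared side by side. Pairing by server address and line order is an assumption, because the bind-failure line carries no username.

```python
import re

# Log lines copied from the posts above (MAC addresses are masked in the thread).
SAMPLE_LOG = r"""Apr 01 09:55:13: wifid : Login request received for client[XX-XX-XX-XX-XX-XX] (hotspot.c:1523)
Apr 01 09:55:13: wifid : Handling hotspot login request for user[domain.ofc\user] from LDAP Server[192.168.0.10]
Apr 01 09:55:13: wifid : LDAP server bind failed: Invalid credentials for client [XX-XX-XX-XX-XX-XX] from server[192.168.0.10] (ldap.c:94
Apr 02 14:26:10: wifid : Handling hotspot login request for user[guestwifi] from LDAP Server[192.168.0.10]
Apr 02 14:26:10: wifid : LDAP server bind failed: Invalid credentials for client [XX-XX-XX-XX-XX-XX] from server[192.168.0.10] (ldap.c:94
"""

LOGIN_RE = re.compile(
    r"login request for user\[(?P<user>[^\]]*)\] from LDAP Server\[(?P<server>[^\]]*)\]")
BIND_FAIL_RE = re.compile(
    r"LDAP server bind failed: (?P<reason>.+?) for client \[(?P<client>[^\]]*)\] "
    r"from server\[(?P<server>[^\]]*)\]")

def name_form(user):
    """Label how the portal username was written."""
    if "=" in user and "," in user:
        return "distinguished name"
    if "\\" in user:
        return "domain\\user"
    if "@" in user:
        return "user@domain"
    return "bare username"

def triage(log_text):
    """Pair each login request with the next bind failure from the same server."""
    pending = {}   # server -> username of the most recent login request
    failures = []
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if m:
            pending[m["server"]] = m["user"]
            continue
        m = BIND_FAIL_RE.search(line)
        if m:
            # Assumption: the failure belongs to the latest request for this server.
            user = pending.pop(m["server"], None)
            failures.append({"when": line[:15], "user": user,
                             "form": name_form(user) if user else "unknown",
                             "server": m["server"], "reason": m["reason"]})
    return failures

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['when']}  {f['server']}  {f['user']!r} ({f['form']}): {f['reason']}")
```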
Could you please cross-verify the LDAP "guestwifi" user credentials saved under the AP guest access tab?
You may be giving correct credentials on the captive portal page, but something is wrong in the configuration saved on the AP. Please check that.
I have cross-checked the credentials and all seems to be correct.
I also tried a different account but with the same results.
Any other system based on AD (my Endian proxy, for example) works fine.
I have the same problem!
Could you resolve that?
Can you check the "Network Access Permission" given to the user in "Active Directory users". It should be configured to "Allow" access.