M and MSM Series

Re: MSM - Authentication via Active Directory

 
Paul.Kraus
Occasional Advisor

MSM - Authentication via Active Directory

I am installing an MSM765 controller and have run into a problem with authentication via Active Directory. The controller shows that it is "Joined" to the AD domain. However, when a wireless client tries to authenticate, the following messages appear in the log. The machine at IP address 10.66.241.217 is one of the Microsoft domain controllers.

Aug 27 12:16:08 debug iprulesmgr The controller has authorized station (mac-address='E8:06:88:78:BE:A6').
Aug 27 12:16:08 debug iprulesmgr Sending RADIUS Packet (Length:'266',Code:'Access-Request',Id:'237') to RADIUS Server (Ip:'127.0.0.1',Port:'1645') for User (nas-port:'21',username:'europe\ppmm').

Aug 27 12:16:09 warning radiusd Cound not bind to AD; DNS unreachable? (Client not found in Kerberos database)

Aug 27 12:16:09 debug radiusd E:rlm_ldap: bind to 10.66.241.217:636 failed Unknown error

Aug 27 12:16:09 debug radiusd E:rlm_ldap: (re)connection attempt failed

The MSM configuration guide only mentions joining the controller to the AD domain. But is there something more that needs to be done? Is there some specific configuration required for Kerberos?

Paul.Kraus
Occasional Advisor

Re: MSM - Authentication via Active Directory

The message "Client not found in Kerberos database" was due to the fact that the Windows domain entry for the controller had been deleted. After joining the MSM controller to the domain again, authentication works correctly.
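
An added example, not part of the original posts and not HP code: a small triage script that pulls the Kerberos reason out of the controller log lines quoted in the question and pairs it with the user whose request triggered it and the LDAP target that failed. The regular expressions and the `CAUSES` entries other than the one confirmed in the reply are assumptions about this log format.

```python
import re

# Log lines copied from the question above (the MSM controller's own output).
SAMPLE_LOG = r"""
Aug 27 12:16:08 debug iprulesmgr Sending RADIUS Packet (Length:'266',Code:'Access-Request',Id:'237') to RADIUS Server (Ip:'127.0.0.1',Port:'1645') for User (nas-port:'21',username:'europe\ppmm').
Aug 27 12:16:09 warning radiusd Cound not bind to AD; DNS unreachable? (Client not found in Kerberos database)
Aug 27 12:16:09 debug radiusd E:rlm_ldap: bind to 10.66.241.217:636 failed Unknown error
Aug 27 12:16:09 debug radiusd E:rlm_ldap: (re)connection attempt failed
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\w+) (\w+) (.*)$")
USER_RE = re.compile(r"Code:'Access-Request'.*username:'([^']+)'")
KRB_RE = re.compile(r"not bind to AD;.*\(([^()]+)\)\s*$")  # text in the final parentheses
LDAP_RE = re.compile(r"rlm_ldap: bind to (\S+) failed")

# Kerberos error text -> what to check first. Only the first entry is confirmed
# by this thread; the other two are standard Kerberos error strings, and it is an
# assumption that the controller would log them in the same place.
CAUSES = {
    "Client not found in Kerberos database":
        "controller's machine account is missing from the domain; verify the computer object and rejoin",
    "Clock skew too great":
        "controller and domain controller clocks differ; check time synchronisation",
    "Preauthentication failed":
        "machine account password no longer matches; rejoin the domain",
}

def triage(log_text):
    """Return one finding per failed AD bind, with the user and LDAP target involved."""
    findings, last_user = [], None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        ts, _severity, proc, msg = m.groups()
        if (u := USER_RE.search(msg)):
            last_user = u.group(1)  # the request the next failure belongs to
        elif proc == "radiusd" and (k := KRB_RE.search(msg)):
            reason = k.group(1)
            findings.append({"time": ts, "user": last_user, "kerberos_error": reason,
                             "likely_cause": CAUSES.get(reason, "unmapped Kerberos error"),
                             "ldap_target": None})
        elif proc == "radiusd" and (t := LDAP_RE.search(msg)) and findings:
            findings[-1]["ldap_target"] = t.group(1)
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```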