MSM - Authentication via Active Directory

 
Paul.Kraus
Occasional Advisor

I am installing an MSM765 controller and have run into a problem with authentication via Active Directory. The controller shows that it is "Joined" to the AD domain. However, when a wireless client tries to authenticate, the following messages appear in the log. The machine at IP address 10.66.241.217 is one of the Microsoft domain controllers.

Aug 27 12:16:08 debug iprulesmgr The controller has authorized station (mac-address='E8:06:88:78:BE:A6').
Aug 27 12:16:08 debug iprulesmgr Sending RADIUS Packet (Length:'266',Code:'Access-Request',Id:'237') to RADIUS Server (Ip:'127.0.0.1',Port:'1645') for User (nas-port:'21',username:'europe\ppmm').

Aug 27 12:16:09 warning radiusd Cound not bind to AD; DNS unreachable? (Client not found in Kerberos database)

Aug 27 12:16:09 debug radiusd E:rlm_ldap: bind to 10.66.241.217:636 failed Unknown error

Aug 27 12:16:09 debug radiusd E:rlm_ldap: (re)connection attempt failed

The MSM configuration guide only mentions joining the controller to the AD domain. But is there something more that needs to be done? Is there some specific configuration required for Kerberos?

Paul.Kraus
Occasional Advisor

Re: MSM - Authentication via Active Directory

The message "Client not found in Kerberos database" was due to the fact that the Windows domain entry for the controller had been deleted. After joining the MSM controller to the domain again, authentication works correctly.
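
Added example, not part of the original thread and not HP's code: a small Python triage script that correlates each RADIUS Access-Request in the controller log with the radiusd bind failures that follow it, and flags the Kerberos "Client not found" error that the reply traced to a deleted computer account. The 5-second correlation window and the field names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Log lines as quoted in the post above (syslog timestamps carry no year).
SAMPLE_LOG = """\
Aug 27 12:16:08 debug iprulesmgr The controller has authorized station (mac-address='E8:06:88:78:BE:A6').
Aug 27 12:16:08 debug iprulesmgr Sending RADIUS Packet (Length:'266',Code:'Access-Request',Id:'237') to RADIUS Server (Ip:'127.0.0.1',Port:'1645') for User (nas-port:'21',username:'europe\\ppmm').
Aug 27 12:16:09 warning radiusd Cound not bind to AD; DNS unreachable? (Client not found in Kerberos database)
Aug 27 12:16:09 debug radiusd E:rlm_ldap: bind to 10.66.241.217:636 failed Unknown error
Aug 27 12:16:09 debug radiusd E:rlm_ldap: (re)connection attempt failed
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\w+) (\w+) (.*)$")
REQUEST = re.compile(r"Code:'Access-Request'.*username:'([^']+)'")
KRB_UNKNOWN = "Client not found in Kerberos database"
BIND_FAIL = re.compile(r"rlm_ldap: bind to (\S+?):(\d+) failed")


def triage(log_text, window=timedelta(seconds=5)):
    """Attach radiusd AD bind failures to the Access-Request that preceded them."""
    requests = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        # Dummy leap year so "Feb 29" parses; only time differences are used.
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        daemon, msg = m.group(3), m.group(4)
        req = REQUEST.search(msg)
        if daemon == "iprulesmgr" and req:
            requests.append({"user": req.group(1), "time": ts,
                             "krb_principal_unknown": False, "ldap_target": None})
        elif (daemon == "radiusd" and requests
              and timedelta(0) <= ts - requests[-1]["time"] <= window):
            if KRB_UNKNOWN in msg:
                # The KDC does not know the controller's own principal.
                requests[-1]["krb_principal_unknown"] = True
            bind = BIND_FAIL.search(msg)
            if bind:
                requests[-1]["ldap_target"] = f"{bind.group(1)}:{bind.group(2)}"
    return [r for r in requests if r["krb_principal_unknown"] or r["ldap_target"]]


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        hint = ("check that the controller's computer account still exists in AD"
                if hit["krb_principal_unknown"] else "check LDAP reachability")
        print(f"{hit['user']}: bind to {hit['ldap_target']} failed; {hint}")
```
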