LDAP Authentication on OS6860

nerooz
Member
Posts: 3
Joined: 11 Aug 2020 04:54

Post by nerooz »

Hello everyone,

I had issues with LDAP configuration.

Here is the configuration I use:
#cn=omnivista is a user
#cn=Gr_X is a group

aaa ldap-server "LDAP" host X.X.X.A X.X.X.B dn "cn=omnivista,ou=X,dc=X,dc=X" hash-key "XXXXXXXXXXXXXXXXXXXXXXXXXXXX" hash-salt "XXXXXXXXXXXXXXXXXXX" base "cn=Gr_X,dc=X,dc=X" type generic retransmit 3 timeout 2 no ssl vrf-name default
aaa authentication default "local"
aaa authentication console "local"
aaa authentication telnet "LDAP" "local"


And here is the swlog I got when I try to connect with PuTTY (Telnet): "domain\user"
#X.X.X.B is the LDAP slave server
#X.X.X.A is the LDAP main server
#X.X.X.C is my computer IP


2020 Aug 11 10:46:42.452 OS6860 swlogd SES AAA INFO: Login by domain\user from X.X.X.C through Telnet Failed [in LoginAaaSession::handleLoginResult()]
2020 Aug 11 10:46:42.452 OS6860 swlogd SES MIP EVENT: CUSTLOG CMM Authentication failure detected: user domain\user
2020 Aug 11 10:48:42.577 OS6860 swlogd ldapClientCmm main INFO: =====>>> In ldap3aSrvDown: 472
2020 Aug 11 10:48:42.587 OS6860 swlogd ldapClientCmm main INFO: LDAP-B-X.X.X.B:Swithchover 1 transactions to X.X.X.A
2020 Aug 11 10:48:42.598 OS6860 swlogd ldapClientCmm main INFO: LDAP-B-X.X.X.B:MICROSOFT
2020 Aug 11 10:48:43.460 OS6860 swlogd ldapClientCmm main WARN: LDAP-P-X.X.X.A:0xfffffff9 ldap_search "Bad search filter"
2020 Aug 11 10:48:43.472 OS6860 swlogd ldapClientCmm main INFO: In ldap3aSrvDown: 453
2020 Aug 11 10:48:43.492 OS6860 swlogd ldapClientCmm main INFO: LDAP-P-X.X.X.A:Connection lost (8663636-ldap_search)

With the error "Bad search filter" I was thinking about the sAMAccountName filter, but there are no options for this filter on this OS?
Can you help me find where it doesn't work?

Thanks,
Regards
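
An added example (not part of the original posts and not Alcatel-Lucent code): it parses swlog lines in the format quoted above, collects failed logins and ldapClientCmm warnings, and checks whether each login name could sit in an RFC 4515 search filter without escaping. The filter shape `(sAMAccountName=<user>)`, the function names and the sample lines are assumptions; the page does not say how the switch builds its filter.

```python
import re

# Constructed sample in the swlog format quoted in the post (placeholder addresses).
SAMPLE = r"""2020 Aug 11 10:46:42.452 OS6860 swlogd SES AAA INFO: Login by domain\user from X.X.X.C through Telnet Failed [in LoginAaaSession::handleLoginResult()]
2020 Aug 11 10:48:43.460 OS6860 swlogd ldapClientCmm main WARN: LDAP-P-X.X.X.A:0xfffffff9 ldap_search "Bad search filter"
2020 Aug 11 10:50:01.100 OS6860 swlogd SES AAA INFO: Login by jdoe from X.X.X.C through Telnet Failed [in LoginAaaSession::handleLoginResult()]
"""

LOGIN_FAIL = re.compile(
    r"AAA INFO: Login by (?P<user>.+?) from (?P<src>\S+) through (?P<proto>\S+) Failed"
)
LDAP_ERR = re.compile(
    r'ldapClientCmm main WARN: (?P<server>LDAP-\S+?):(?P<code>0x[0-9a-f]+) (?P<op>\w+) "(?P<msg>[^"]+)"'
)

# RFC 4515: these characters must be written as \XX inside a filter value.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape a user-supplied string for use as an RFC 4515 filter value."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def filter_is_wellformed(flt):
    """Check one RFC 4515 rule only: every backslash is followed by two hex digits."""
    return re.search(r"\\(?![0-9A-Fa-f]{2})", flt) is None

def triage(log_text, attribute="sAMAccountName"):
    """Return (failed logins with raw/escaped filter info, LDAP client warnings)."""
    failures, ldap_errors = [], []
    for line in log_text.splitlines():
        if m := LOGIN_FAIL.search(line):
            user = m["user"]
            raw = f"({attribute}={user})"  # assumed filter shape, name inserted as typed
            failures.append({
                "user": user, "source": m["src"], "protocol": m["proto"],
                "raw_filter_ok": filter_is_wellformed(raw),
                "escaped_filter": f"({attribute}={escape_filter_value(user)})",
            })
        elif m := LDAP_ERR.search(line):
            ldap_errors.append((m["server"], m["op"], m["msg"]))
    return failures, ldap_errors

if __name__ == "__main__":
    fails, errs = triage(SAMPLE)
    for entry in fails + errs:
        print(entry)
```

A name such as `domain\admin` passes the well-formedness check because `\ad` is read as a hex escape, so the filter parses but no longer names that account; escaping the value covers both cases.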
silvio
Alcatel Unleashed Certified Guru
Posts: 1487
Joined: 01 Jul 2008 10:51
Location: Germany

Re: LDAP Authentication on OS6860

Post by silvio »

Maybe you will find the answer for ldap in the switch management guide.
I never use LDAP directly from the switches (e.g. direct to AD). I prefer to use a RADIUS server instead (e.g. MS-NPS). And the RADIUS server has access to the AD via LDAP. Especially for the switch access (management) you need special return messages with the privileges (e.g. read-write all). With a RADIUS server there is the possibility to use policies depending on e.g. the AD user group for it.
BR Silvio
nerooz
Member
Posts: 3
Joined: 11 Aug 2020 04:54

Re: LDAP Authentication on OS6860

Post by nerooz »

I was thinking it could work with aaa ldap-server, I don't understand why they implemented this on switches if we have to use RADIUS to "cheat" and get LDAP auth on it. Maybe for special cases. I will try with RADIUS, thanks for your reply Silvio :)