Extreme Networks

Tom10 · ‎12-17-2018

Is there any way to define which attribute the RADIUS server checks in an external LDAP server? It seems to be hitting the first one that it hits (NT passwd) rather than the userPassword attribute which has caused some odd problems.

Tom10 · ‎12-17-2018

OpenLDAP

samantha_lynn · ‎12-17-2018

Thank you for that output. Could you tell me what application you are using to manage your user directory?

Tom10 · ‎12-17-2018

Hi,
ah00#exec aaa ldap-search username tom
ah00#
Exec-Program output:
Search user 'tom' under baseDN ou=users,dc=pcc,dc=com successful.
filter: (uid=tom)
dn: uid=tom,ou=users,dc=pcc,dc=com
uid: tom
mail: tom@pcc.com
password exists
password exists
I take it we shouldn’t see password exists twice?
Sent from Mail for Windows 10

samantha_lynn · ‎12-17-2018

That depends a bit on what we're getting back from the LDAP server. Would you be able to provide the output from this command:

exec aaa ldap-search

Also, if you can send tech data from the AP you run that command on, that would be helpful. If you'd rather send that to me directly, my email is communityhelp@aerohive.com.

To get tech data in HiveManager (formerly NG, cloud.aerohive.com):

Tools> Utilities> Get tech data> Check the box next to the device> Get tech data (blue button at the top of the page this time).

This guide reviews how to get tech data from the CLI of the AP in case that is more convenient:

https://thehivecommunity.aerohive.com/s/article/Collecting-Tech-Data-via-CLI

Extreme Networks

how to designate the password field used by LDAP AAA/RADIUS

how to designate the password field used by LDAP AAA/RADIUS