Meraki

Community

Trouble Linking to Active Directory

praf8472
Comes here often
‎Jan 24 2023 9:00 AM
‎Jan 24 2023 9:00 AM

Trouble Linking to Active Directory

Hi,

 

We already have 1 network with mobile devices and a connection to AD setup via a Windows server with the Meraki Systems Manager Agent on it.

 

We're trying to setup a new network.  I've got another Windows server 2019 setup with the Meraki Systems Manager Agent on it and it's enrolled in the network.  The problem is I can't get the server to show a green tick under Systems Manager > General > End User authentication settings

 

I've chosen Active Directory: Use you own Active Directory server

 

I've entered the email domain

 

I've filled in all the other fields like we have in our other network but when I select the gateway I get the following error:

 

ldap_bind: Can't contact LDAP server

 

I've check and the WMI server is running.

 

The server and the user I've entered have access to AD.

 

We're using port 3268

 

The server is not a domain controller but in our other network the server is not a domain controller, it just has the AD DS and AD LDS Tools installed.

 

Plus the other server that works is Windows 2016, if that makes any difference.

 

I'm just wondering what I'm missing.

 

Hope that makes sense and someone can help.

 

Thanks

Labels:
0 Kudos
8 Replies 8
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 24 2023 12:34 PM
‎Jan 24 2023 12:34 PM

Does the AD controller have a certificate installed on it?

0 Kudos
praf8472
Comes here often
‎Jan 25 2023 6:01 AM
‎Jan 25 2023 6:01 AM

Hi,

 

Sorry, I've not installed any certificate on the server.  Which certificate does it need to have installed?

0 Kudos
In response to praf8472
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 25 2023 10:41 AM
‎Jan 25 2023 10:41 AM

This document lists the requirements for the certificate:

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Configuring_Active_Direc... 

0 Kudos
praf8472
Comes here often
‎Jan 26 2023 5:44 AM
‎Jan 26 2023 5:44 AM

Hi,

 

Does this work with a wildcard certificate?

0 Kudos
In response to praf8472
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 26 2023 11:51 AM
‎Jan 26 2023 11:51 AM

I don't know for sure - but it should.

0 Kudos
PaulF
Meraki Employee
Meraki Employee
‎Jan 26 2023 7:34 AM
‎Jan 26 2023 7:34 AM

The reason that you're not getting. tick, BUT it may be working is because the MX is probably NOT on the same subset. 

 

Right at the top of: https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Configuring_Active_Direc...

 

Currently, Active Directory-based authentication works only if one of the following is true:

  • The Domain Controller is in a VLAN configured on the appliance
  • The Domain Controller is in a subnet for which a static route is configured on the appliance
  • The Domain Controller is accessible through the VPN.
0 Kudos
In response to PaulF
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 26 2023 11:59 AM
‎Jan 26 2023 11:59 AM

This is in the "Mobile Device Management" forum ... so I think it is talking about Systems Manager AD Configuration.

 

https://documentation.meraki.com/SM/Device_Enrollment/SM_Enrollment_Authentication#Active_Directory_... 

0 Kudos
In response to PhilipDAth
PaulF
Meraki Employee
Meraki Employee
‎Jan 27 2023 1:09 AM
‎Jan 27 2023 1:09 AM

You're absolutely right, @PhilipDAth , thanks for pointing that out....

 

"The server is not a domain controller but in our other network the server is not a domain controller, it just has the AD DS and AD LDS Tools installed."

 

This may, however, be the crux of the issue...

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.