LDAP connection issues. AP won't connect to the server.

Solved
vagrant
Conversationalist

I am currently moving a network over to a new SSID that will be using an LDAP connection. We have gone through the documentation and created the cert to be used with our main DC (local), as well as created an admin account with read access. The cert is using the FQDN for the DC, and the search base DN is configured to use the entire directory (DC=domain,DC=org).

I run the test connection and the AP fails to connect to the server.

I tried both port 389 which gives the error:

[screenshot of the port 389 error]

I test port 636 and get:

[screenshot of the port 636 error]

The only thing I can think of is that I was given a public cert from systems, and not sure if I need the private.

I am not sure. I am not systems and ignorant of what I need to communicate over to them because this seems like a cert issue.

Other details just in case: I am using MR44 APs that are fully up to date. I don't see blocking on the firewall.

Any information on this helps.

4 Replies
RWelch
Kind of a big deal

Troubleshooting Active Directory Authentication issues with Splash Page using Windows Event Viewer 

Active Directory Issue Resolution Guide 

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
Mloraditch (Accepted Solution)
Kind of a big deal

Can your AP ping the LDAP server? You need that basic connectivity before anything else. Also port 636 is LDAPS not 626.

If you can ping the server and neither port works you may need to packet capture to see what is going on. At least in cleartext (389) you will see exactly why it's failing in the LDAP messages from the server. It's a bit harder with SSL.

It sounds like a new setup so your AD admin may need to look at something like this: https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/ldap-over-ssl-connect... and verify things work in general.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
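The checks above (basic reachability, then whether the TLS side validates) can be scripted from any host that can reach the DC. This is an added example, not code from the thread or from Meraki: it performs the LDAPS handshake the way a client such as the AP would, verifying the DC certificate against the CA file the AP was given and the FQDN being dialled, and maps a failure to its likely cause (the wrong-CA case found later in the thread, or TLS sent to the cleartext port). The DC name `dc01.domain.org` and the CA path are assumed placeholders.

```python
import socket
import ssl
from typing import Optional


def classify_failure(exc: BaseException) -> str:
    """Map a connect/handshake exception to what actually needs fixing."""
    msg = (getattr(exc, "verify_message", None) or str(exc)).lower()
    if isinstance(exc, ssl.SSLCertVerificationError):
        if "hostname mismatch" in msg or "doesn't match" in msg:
            return "hostname-mismatch"    # cert CN/SAN is not the FQDN being dialled
        if "issuer" in msg or "self-signed" in msg:
            return "untrusted-ca"         # the CA handed to the AP did not sign this cert
        return "cert-verify-failed"       # expired, wrong usage, revoked, ...
    if isinstance(exc, ssl.SSLError):
        if "wrong version number" in msg or "unknown protocol" in msg:
            return "not-tls-on-port"      # e.g. TLS sent to 389, or cleartext bound on 636
        return "tls-error"
    if isinstance(exc, OSError):          # refused, timeout, DNS failure, firewall drop
        return "no-connectivity"
    return "unknown"


def check_ldaps(host: str, port: int = 636, ca_file: Optional[str] = None,
                timeout: float = 5.0) -> dict:
    """Handshake with the DC and verify its certificate the way the AP would."""
    # Only the CA's public certificate is needed on the client side; the DC's
    # private key stays on the DC.
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = True             # name in the cert must match `host`
    ctx.verify_mode = ssl.CERT_REQUIRED
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except Exception as exc:
        return {"ok": False, "reason": classify_failure(exc), "detail": str(exc)}
    return {
        "ok": True,
        "subject": dict(rdn[0] for rdn in cert.get("subject", ())),
        "issuer": dict(rdn[0] for rdn in cert.get("issuer", ())),
        "san": [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"],
        "not_after": cert.get("notAfter"),
    }


if __name__ == "__main__":
    # Hypothetical DC FQDN and CA bundle path; substitute your own.
    print(check_ldaps("dc01.domain.org", 636, ca_file="domain-root-ca.pem"))
```

Run it first against port 636 with the CA file the AP has; an `untrusted-ca` result is the same symptom the AP reports when the chain does not validate, and `no-connectivity` means the problem is upstream of certificates.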
vagrant
Conversationalist

That was a typo. I meant 636. The AP can reach the server. I ran a packet capture and there is a successful handshake. I will pass the information on.

vagrant
Conversationalist

I ran some more captures and found out that there is an issue with the CA. I am going to get with support and systems to get them to give me the correct CA. I appreciate the help. 
