Hello everyone,
New to Meraki.
With our organization we are trying to configure the Enterprise security method with local auth for a new corporate SSID.
The attempt is to use only password authentication.
If I understand correctly, as stated in the Meraki documentation, this would allow us not to configure a RADIUS server.
Even though we follow all the instructions every time we attempt to test for a connection to the LDAP server, it fails.
Doing a test with the splash page and active directory, however, the test is successful, so it cannot be a Server certificate problem.
Does anyone have any suggestions or tried the same configuration?
Thanks in advance.
Have you installed a certificate onto the AD controller?
You can create one with IIS Manager (you don't need the IIS installer, just the manager):
https://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-in-iis-7.html
>Even though we follow all the instructions every time we attempt to test for a connection to the LDAP server, it fails.
If you check the event logs on the client and server - do you see any errors?
I checked the event logs on the server, but I don't actually see any errors related to connection attempts. We didn't test using a client, because since the test fails, I assume it doesn't work.
My doubt is about the correct port to use.
If the server is a global catalog I know that port 3269 is used for LDAP.
I have also tried 389 and 636, but still the test fails.
I'm using LDAP with Okta, and I can't get through the authentication either.
We used Okta certs.
The tests fail every time, but I can connect using LDAP directly on port 636 with a client (and I have a similar setup on my printing service and it works with no issues). But if I attempt to do it with Meraki there is no communication whatsoever. If I try to connect to the test SSID I get failed authentication every time...
I really want this feature to work but I'm having a hard time with it.
Resolved, the problem lay in the certificate created in the server, which was missing the correct "X509v3 Subject Alternative Name" extension
Hi James,
In my case I'm trying to use LDAP with the Okta cert; how did you add this to the cert itself? Do you just edit the cert with a text editor and add that line ("X509v3 Subject Alternative Name")?
The doc says:
The LDAP server’s certificate must have a subjectAltName field that matches the Host address configured on the dashboard (either IP address or FQDN)
which in my case would be something along the lines of domain.ldap.okta.com
Is that it?
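The resolution above (the server certificate lacked a subjectAltName) and the follow-up question about how the SAN gets into the certificate both come down to the same check: the SAN is an X.509 extension inside the signed certificate, so it cannot be added by editing the file with a text editor; the certificate has to be re-requested (a CSR that includes the SAN) and re-issued, and the value in it must match the host address typed into the dashboard. The script below is an added example, not Meraki, Okta or Microsoft code. It takes a certificate in the dict shape Python's `ssl.SSLSocket.getpeercert()` returns, checks whether a configured host matches the SAN the way a client would (DNS name against DNS entries with a single leading wildcard label, IP literal against IP entries, subject CN ignored), and reports the specific failure. The two sample certificates and host names are constructed for the example; `fetch_peer_cert` is a hypothetical helper for pulling the certificate from a reachable LDAPS server and is not used by the self-check.

```python
"""Check whether an LDAPS server certificate's subjectAltName matches the
host address a client (e.g. the dashboard's LDAP "Host" field) is
configured with.  Added example; not Meraki, Okta or Microsoft code."""
import ipaddress
import socket
import ssl

# Constructed sample certificates in the dict shape returned by
# ssl.SSLSocket.getpeercert(); names and addresses are made up.
CERT_WITHOUT_SAN = {  # the situation from the thread: CN only, no SAN
    "subject": ((("commonName", "dc01.corp.example"),),),
    "issuer": ((("commonName", "corp-ca"),),),
}
CERT_WITH_SAN = {
    "subject": ((("commonName", "dc01.corp.example"),),),
    "subjectAltName": (
        ("DNS", "dc01.corp.example"),
        ("DNS", "*.ldap.example"),
        ("IP Address", "10.0.0.5"),
    ),
}


def san_entries(cert):
    """Return the (type, value) pairs of the subjectAltName extension, or [] if absent."""
    return list(cert.get("subjectAltName", ()))


def _dns_label_match(pattern, host):
    """RFC 6125 style: exact match, or one leading wildcard label (*.ldap.example
    matches tenant.ldap.example but not a.b.ldap.example)."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern == host:
        return True
    if pattern.startswith("*."):
        p_labels, h_labels = pattern.split("."), host.split(".")
        return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]
    return False


def host_matches_san(cert, host):
    """Return (ok, reason).  An IP literal only matches an 'IP Address' entry,
    a name only a 'DNS' entry; the subject CN is ignored, as modern clients do."""
    sans = san_entries(cert)
    if not sans:
        return False, "certificate has no subjectAltName extension"
    try:
        wanted_ip = ipaddress.ip_address(host)
    except ValueError:
        wanted_ip = None  # host is a DNS name, not an IP literal
    for kind, value in sans:
        if wanted_ip is not None and kind == "IP Address":
            try:
                if ipaddress.ip_address(value) == wanted_ip:
                    return True, f"matched SAN IP {value}"
            except ValueError:
                continue
        elif wanted_ip is None and kind == "DNS" and _dns_label_match(value, host):
            return True, f"matched SAN DNS {value}"
    listed = ", ".join(f"{k}:{v}" for k, v in sans)
    return False, f"{host} not in subjectAltName ({listed})"


def fetch_peer_cert(host, port=636, timeout=5):
    """Hypothetical helper: fetch the certificate an LDAPS server presents,
    validating the chain against the system trust store.  Needs a reachable
    server, so the self-check below does not call it."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    for cert, host in [(CERT_WITHOUT_SAN, "dc01.corp.example"),
                       (CERT_WITH_SAN, "dc01.corp.example"),
                       (CERT_WITH_SAN, "10.0.0.5"),
                       (CERT_WITH_SAN, "10.0.0.6")]:
        print(host, host_matches_san(cert, host))
```

Running the self-check shows the first certificate failing with "no subjectAltName extension" even though its CN is the right name, which is exactly why a CN-only certificate passes a plain LDAPS client test yet fails a client that insists on a SAN match. Note that configuring the dashboard with the IP address requires an IP-type SAN entry; a DNS entry for the same server does not satisfy an IP literal, and vice versa.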