Meraki

Community

Meraki local auth confuguration

Solved
JamesBraddok
Here to help
‎Apr 30 2023 1:31 PM
‎Apr 30 2023 1:31 PM

Meraki local auth confuguration

Hello everyone,

new to meraki,

with our organization we are trying to configure enterprise security method with local auth for a new Corporate ssid

The attempt is to use only password authentication.

If I understand correctly , as stated in the Meraki documentation, this would allow us not to configure a RADIUS server.

Even though we follow all the instructions every time we attempt to test for a connection to the LDAP server, it fails.

Doing a test with the splash page and active directory, however, the test is successful, so it cannot be a Server certificate problem.

Does anyone have any suggestions or tried the same configuration?

Thanks in advance.

Labels:
1 Accepted Solution
JamesBraddok
Here to help
‎Jun 14 2023 3:09 AM
‎Jun 14 2023 3:09 AM

Resolved, the problem lay in the certificate created in the server, which was missing the correct "X509v3 Subject Alternative Name" extension

View solution in original post

7 Replies 7
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 30 2023 1:43 PM
‎Apr 30 2023 1:43 PM

Have you install a certificate onto the AD controller?

 

You can create one with IIS Manager (don't need IIS installer, just the manager):
https://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-in-iis-7.html 

0 Kudos
In response to PhilipDAth
JamesBraddok
Here to help
‎Apr 30 2023 4:29 PM
‎Apr 30 2023 4:29 PM

Yes, we already installed a certificate on the AD controller, that was the first hurdle. 
Once installed in fact we tested the splash page with Active Directory it started working.
 
The problem is when we do the test with LDAP.

Capture.PNG

 

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 1 2023 1:02 PM
‎May 1 2023 1:02 PM

>Even though we follow all the instructions every time we attempt to test for a connection to the LDAP server, it fails.

 

If you check the event logs on the client and server - do you see any errors?

0 Kudos
In response to PhilipDAth
JamesBraddok
Here to help
‎May 2 2023 1:22 PM
‎May 2 2023 1:22 PM

I checked the event logs on the server, but I don't actually see any errors related to connection attempts. we didn't test using a client, because by failing the test, I assume it doesn't work.
My doubt is about the correct port to use.
If the server is a global catalog I know that port 3269 is used for LDAP.
I have also tried 389 and 636, but still the test fails.

0 Kudos
Claudiosm
Here to help
‎May 8 2023 4:29 PM
‎May 8 2023 4:29 PM

I'm using LDAP with Okta as, and I can't even pass through the authentication either. 

 

We used Okta certs.

 

The tests fail every time, but I can connect using LDAP directly on port 636 with a Client(and I have a similar setup on my Printing service and it works with no issues). But if I attempt to do it with Meraki is no communication whatsoever. If I try to connect to the test ssid i get fail authentication every time...

 

Screenshot 2023-05-08 at 4.23.06 PM.png

Screenshot 2023-05-08 at 4.23.15 PM.png

I really want this feature to works but I'm having a hard time with it.

 

 

0 Kudos
JamesBraddok
Here to help
‎Jun 14 2023 3:09 AM
‎Jun 14 2023 3:09 AM

Resolved, the problem lay in the certificate created in the server, which was missing the correct "X509v3 Subject Alternative Name" extension

In response to JamesBraddok
Claudiosm
Here to help
‎Jun 14 2023 6:52 PM
‎Jun 14 2023 6:52 PM

Hi James, 

 

In my case i'm trying to use LDAP with OKTA cert, how did you added this to the cert itself? You just edit the cert with a text editor and add that line("X509v3 Subject Alternative Name")

 

 

 

By the doc says:

 

  • The LDAP server’s certificate must have a subjectAltName field that matches the Host address configured on the dashboard (either IP address or FQDN)

which in my case would be something in the terms of domain.ldap.okta.com

 

is that it?

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.