topic Re: Admins and Roles -> AAA -> Secure LDAP/Active Directory in SmartZone and Virtual SmartZone

Admins and Roles -> AAA -> Secure LDAP/Active Directory

ClontarfX — Wed, 02 Nov 2022 02:08:13 GMT

Version: 5.2.2.0.317

I can successfully configure an LDAPS AAA for Services & Profiles, however I cannot get a successful authentication with Admins and Roles when using LDAPS or Active Directory. My goal is to let my administrators sign in with their ADDS credentials (Azure ADDS with Secure LDAP).

Admins and Roles -> AAA Configuration

Name Azure ADDS (LDAPS) Type LDAP Realms company.net.au,company.com.au,company Default Role Mapping Yes IP Address 20.213.x.x Base Domain Name OU=AADDC Users,DC=company,DC=net,DC=au Admin Domain Name CN=Company Bind Service Account,OU=AADDC Users,DC=company,DC=net,DC=au Key Attribute sAMAccountName Search Filter ((objectClass=*)(saMAccountName=ADM-*))

When testing a known-good username, it fails. I notice that the Admins and Roles section does not allow specifying LDAPS (636) or TLS as the protocol like the Services & Profiles section does. Is this a missing feature for my firmware version?

Any assistance would be appreciated. The same settings have been used in other applications and work perfectly fine, so my belief is that the Admins and Roles AAA section does not use TLS/Secure LDAP.

Thanks in advance!

Re: Admins and Roles -> AAA -> Secure LDAP/Active Directory

syamantakomer — Wed, 02 Nov 2022 17:07:25 GMT

Notification: This post has been moved correct category (Zonedirector to SmartZone).

Re: Admins and Roles -> AAA -> Secure LDAP/Active Directory

peter_riederer_ — Thu, 03 Nov 2022 11:06:30 GMT

it was tricky for me too some day. in our enviroment (onPremise AD) it works with the following setting, guess you just have to adopt to Azure LDAPs

1. Create an AAA Server
Name: DomainController
Type Active Directory
Realms: yourdomain.local (the Domain from your UPN / Username)
Default Role Mapping No
IP Address: DC IP
Windows Domain Name: DC=yourdomain,DC=local

2. create an administrators account in SmartZone, as SmartZone Service Account:
e. g. Company-WLAN-Admins

3. create a group in Smartzone, with your needed permissions
e. g. Company-WLAN-Admins

4. Select the administrator from 2. as Member of the group from 3.

5. Create an AD SecurityGroup:
Ruckus-WSG-User-Company-WLAN-Admins
and put in your AD Users in - the Ruckus-WSG-User- is important!!

AAA Server Authentication (commscope.com)

Re: Admins and Roles -> AAA -> Secure LDAP/Active Directory

ClontarfX — Thu, 12 Jan 2023 02:20:13 GMT

I have tried this again and I still am not having any luck. I am now on a vSZ High Scale running 6.1.0.0.935.

Configuring AAA for Proxy (SZ Authenticator) against Azure LDAPS works as expected.

Configuring AAA for Administrators does not (using the exact same settings).

The error given is invalid username or password, which is incorrect as I have checked numerous known credentials that are a member of the correct group.

Are there any logs I can look at on a vSZ High Scale to see what the real reason for the LDAP connection failure for AAA Administrators was?

Re: Admins and Roles -> AAA -> Secure LDAP/Active Directory

JacobM — Tue, 30 May 2023 21:24:12 GMT

Upload the CA certificate to Administration > System >Certificates > SZ Trusted CA Certificates/Chain (external). This allowed AD (TLS) to work for my internal domain. No other settings changes and I was getting that same error

Re: Admins and Roles -> AAA -> Secure LDAP/Active Directory

farouk95 — Thu, 13 Jun 2024 14:24:17 GMT

hello syamantakomer i creat a AAAserver active directory "ldap auth" but when i try to aply a remote login he dasn't work can you help me on this matter