I can successfully configure an LDAPS AAA for Services & Profiles, however I cannot get a successful authentication with Admins and Roles when using LDAPS or Active Directory. My goal is to let my administrators sign in with their ADDS credentials (Azure ADDS with Secure LDAP).
Admins and Roles -> AAA Configuration
Name Azure ADDS (LDAPS) Type LDAP Realms company.net.au,company.com.au,company Default Role Mapping Yes IP Address 20.213.x.x Base Domain Name OU=AADDC Users,DC=company,DC=net,DC=au Admin Domain Name CN=Company Bind Service Account,OU=AADDC Users,DC=company,DC=net,DC=au Key Attribute sAMAccountName Search Filter ((objectClass=*)(saMAccountName=ADM-*))
When testing a known-good username, it fails. I notice that the Admins and Roles section does not allow specifying LDAPS (636) or TLS as the protocol like the Services & Profiles section does. Is this a missing feature for my firmware version?
Any assistance would be appreciated. The same settings have been used in other applications and work perfectly fine, so my belief is that the Admins and Roles AAA section does not use TLS/Secure LDAP.
Thanks in advance!
it was tricky for me too some day. in our enviroment (onPremise AD) it works with the following setting, guess you just have to adopt to Azure LDAPs
1. Create an AAA Server
Type Active Directory
Realms: yourdomain.local (the Domain from your UPN / Username)
Default Role Mapping No
IP Address: DC IP
Windows Domain Name: DC=yourdomain,DC=local
2. create an administrators account in SmartZone, as SmartZone Service Account:
e. g. Company-WLAN-Admins
3. create a group in Smartzone, with your needed permissions
e. g. Company-WLAN-Admins
4. Select the administrator from 2. as Member of the group from 3.
5. Create an AD SecurityGroup:
and put in your AD Users in - the Ruckus-WSG-User- is important!!
login to SZ is your full UPN Username then.
I have tried this again and I still am not having any luck. I am now on a vSZ High Scale running 188.8.131.52.935.
Configuring AAA for Proxy (SZ Authenticator) against Azure LDAPS works as expected.
Configuring AAA for Administrators does not (using the exact same settings).
The error given is invalid username or password, which is incorrect as I have checked numerous known credentials that are a member of the correct group.
Are there any logs I can look at on a vSZ High Scale to see what the real reason for the LDAP connection failure for AAA Administrators was?
Upload the CA certificate to Administration > System >Certificates > SZ Trusted CA Certificates/Chain (external). This allowed AD (TLS) to work for my internal domain. No other settings changes and I was getting that same error