
Admins and Roles -> AAA -> Secure LDAP/Active Directory

ClontarfX
New Contributor

Version: 5.2.2.0.317

I can successfully configure an LDAPS AAA for Services & Profiles, however I cannot get a successful authentication with Admins and Roles when using LDAPS or Active Directory. My goal is to let my administrators sign in with their ADDS credentials (Azure ADDS with Secure LDAP).

Admins and Roles -> AAA Configuration

Name: Azure ADDS (LDAPS)
Type: LDAP
Realms: company.net.au,company.com.au,company
Default Role Mapping: Yes
IP Address: 20.213.x.x
Base Domain Name: OU=AADDC Users,DC=company,DC=net,DC=au
Admin Domain Name: CN=Company Bind Service Account,OU=AADDC Users,DC=company,DC=net,DC=au
Key Attribute: sAMAccountName
Search Filter: ((objectClass=*)(saMAccountName=ADM-*))
When testing a known-good username, it fails. I notice that the Admins and Roles section does not allow specifying LDAPS (636) or TLS as the protocol like the Services & Profiles section does. Is this a missing feature for my firmware version?

Any assistance would be appreciated. The same settings have been used in other applications and work perfectly fine, so my belief is that the Admins and Roles AAA section does not use TLS/Secure LDAP.

Thanks in advance!


syamantakomer
Community Admin

Notification: This post has been moved to the correct category (ZoneDirector to SmartZone).


Syamantak Omer
Sr.Staff TSE | CWNA | CCNA | RCWA | RASZA | RICXI
RUCKUS Networks, CommScope!

peter_riederer_
Contributor

It was tricky for me too some day. In our environment (on-premises AD) it works with the following settings; I guess you just have to adapt them to Azure LDAPS.

1. Create an AAA Server
Name: DomainController
Type: Active Directory
Realms: yourdomain.local (the Domain from your UPN / Username)
Default Role Mapping: No
IP Address: DC IP
Windows Domain Name: DC=yourdomain,DC=local

2. Create an administrator account in SmartZone, as SmartZone Service Account:
e.g. Company-WLAN-Admins

3. Create a group in SmartZone with your needed permissions
e.g. Company-WLAN-Admins

4. Select the administrator from 2. as Member of the group from 3.

5. Create an AD SecurityGroup:
Ruckus-WSG-User-Company-WLAN-Admins
and put your AD users in it - the Ruckus-WSG-User- is important!!

AAA Server Authentication (commscope.com)

The login to SZ is then your full UPN username.

Good luck

ClontarfX
New Contributor

I have tried this again and I still am not having any luck. I am now on a vSZ High Scale running 6.1.0.0.935.

Configuring AAA for Proxy (SZ Authenticator) against Azure LDAPS works as expected.

Configuring AAA for Administrators does not (using the exact same settings).

The error given is invalid username or password, which is incorrect as I have checked numerous known credentials that are a member of the correct group.

Are there any logs I can look at on a vSZ High Scale to see what the real reason for the LDAP connection failure for AAA Administrators was?

Upload the CA certificate to Administration > System > Certificates > SZ Trusted CA Certificates/Chain (external). This allowed AD (TLS) to work for my internal domain. No other settings changes, and I was getting that same error.
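
The last reply reports that uploading the directory's CA certificate to the trusted store is what made AD (TLS) work. As an added example (not part of the thread and not RUCKUS tooling), this script builds a throwaway CA and server certificate with `openssl` and shows that the server certificate validates only against the CA that issued it. All names, keys and certificates are constructed, and the function names are hypothetical.

```bash
# Constructed demo: every key, certificate and name here is generated locally.
set -eu

# make_ca DIR NAME: create a self-signed CA (ca.pem, ca.key) in DIR.
make_ca() {
    mkdir -p "$1"
    cat > "$1/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = $2
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 -config "$1/ca.cnf" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# issue_leaf CA_DIR CN OUT: issue a server certificate OUT signed by the CA in CA_DIR.
issue_leaf() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" -config "$1/ca.cnf" \
        -keyout "$3.key" -out "$3.csr" 2>/dev/null
    openssl x509 -req -in "$3.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$3" 2>/dev/null
}

# chain_status CA_FILE CERT: print "trusted" if CERT chains to CA_FILE, else "untrusted".
chain_status() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 && echo trusted || echo untrusted
}

# demo: compare the issuing CA with an unrelated CA as the uploaded trust anchor.
demo() {
    work=$(mktemp -d)
    make_ca "$work/issuing" "Constructed Directory CA"
    make_ca "$work/other" "Constructed Unrelated CA"
    issue_leaf "$work/issuing" "ldaps.example.test" "$work/ldaps.pem"
    echo "issuing CA in trust store:   $(chain_status "$work/issuing/ca.pem" "$work/ldaps.pem")"
    echo "unrelated CA in trust store: $(chain_status "$work/other/ca.pem" "$work/ldaps.pem")"
    rm -rf "$work"
}
demo
```

Against a real directory, the equivalent check before uploading is `openssl s_client -connect <host>:636 -CAfile <ca.pem>` and reading the reported verify result, with `<host>` and `<ca.pem>` as placeholders.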