Cisco router TekRadius authentication with LDAP server

[Law King Hin]

Hi Yasin,

I have a LDAP server and a TekRadius server. I tested with cisco router radius login with  TekRadius is completely fine. When I try to add LDAP authentication to TekRadius, it is not working.

Thanks!

[Yasin KAPLAN]

Hi,

Can you send TekRADIUS log entries (Accessible through File menu) after setting log level to developer at Settings / Service Parameters for an authentication attempt?

Best regards,

Yasin KAPLAN

[Law King Hin]

Debug message (NativeLDAPQuery) The supplied credential is invalid

[Law King Hin]

Dear Yasin,

The cisco group group user with user account and password ( not using LDAP/AD ) can access normally. 

yasin....@gmail.com在 2021年4月15日星期四下午5:52:44 [UTC+8]寫道：

[Law King Hin]

yasin....@gmail.com在 2021年4月15日星期四下午5:52:44 [UTC+8]寫道：

[Yasin KAPLAN]

Hi,

The error message in the screen capture is different than "The supplied credential is invalid"

I think there is problem with syntax of value of Directory-Server attribute in AD group. Can you send it in a private message directly to me?

Best regards,

Yasin KAPLAN

[Yasin KAPLAN]

Your Directory-Server attribute should look like

ldaps://example.com/uid=%uid%,dc=example,dc=com

You should not enter just an IP address.

[Law King Hin]

Hi Yasin,

How could I edit if have sub domain ?

Thanks! 

[Yasin KAPLAN]

It should look like

ldaps://example.com/uid=%uid%,cn=group1,ou=groups,dc=example,dc=com

[Law King Hin]

Hi Yasin,

cn means the sub domain name ?, such as hk.test.com,   sz.test.com. I will input hk / sz ?

Thank!

[Yasin KAPLAN]

Have you tried 

ldaps://hk.example.com/uid=%uid%,dc=example,dc=com

or 

ldaps://az.example.com/uid=%uid%,dc=example,dc=com

[Law King Hin]

Hi Yasin,

I will test and let you know.

Thanks!