Failed authentication problem with v7 portal combined with ldap

Normal wireless topology, using v7 AC, with the endpoint's gateway and dhcp server configured on the core switch.

The terminal can access the wireless service and get the address, and the portal page can pop up, but the authentication failure is indicated.

Check the username and password configured on the ldap server, and the failure is resolved after checking again to enter the username anThe portal page can pop up, enter the user name and password and click submit to report authentication failure, indicating that there is no problem with portal authentication, and should focus on analyzing the ldap process.

Enable LDAP debug on AC on-site.

There are error messages in the debug log:

*Apr 20 10:18:43:277 2021 Wireless Controller LDAP/7/EVENT:

PAM_LDAP: Get result message errno = 49

*Apr 20 10:18:43:277 2021 Wireless Controller LDAP/7/ERROR:

PAM_LDAP: Failed to perform binding operation as user.

The server replies with an error reason code 49, indicating authentication failure. The specific failure information needs to be checked from the captured packets.

Packet capture is performed between AC and LDAP, and the error code is found to be 52e, indicating that the password or credential is invalid. Therefore, it is recommended to check the username and password configuration on-site.

Explanation of common error codes:

525 - User does not exist

52e - Password or credentials are invalid

530 - Login not permitted at this time

531 - Login not permitted at this workstation

532 - Password has expired

533 - Account is disabled

701 - Account has expire

773 - User must reset password

775 - User account is locked

Check the username and password configured on the ldap server, and the failure is resolved after checking again to enter the username and password.