Unable to login using Cisco 802.1x implementation.

  • 3950357
  • 14-Nov-2006
  • 26-Apr-2012

Environment

Novell Client for Windows 2000/XP/2003 4.91 Support Pack 2
Novell Client for Windows 2000/XP/2003 4.91 Support Pack 1
Novell Client for Windows 2000/XP/2003 4.91
Cisco ACS server PEAP - GTC (username and password being passed against eDirectory LDAP)

Situation

Customer is attempting to do a contextless login using the Cisco 802.1x implementation and is unsuccessful.
The user's context is blank and the Cisco client is unable to find the user.
The user is unable to login to the Novell network.
LAN trace shows the Cisco 802.1x client performing an LDAP scan of all users in the tree.
The tree has several thousand users and the LDAP contextless login search times out before completing.

Resolution

It appears that Cisco's 802.1x wireless solution relies on some of the Novell contextless login pieces to work properly. In this case the Novell contextless login pieces were configured but not enabled. Novell Support was able to get a LAN trace of the LDAP lookup the workstation was making. Contextless login was configured to search the topmost container, with a 10 second timeout. It appears that the Cisco solution reads the contextless login configuration settings and looks for all users in the specified container and in the containers below it. Because there were several thousand users, the 10 second timeout was being hit.
To resolve the problem, go into the Novell contextless login portion of the client and increase the timeout. Additionally, change the search paths so that fewer containers are searched; that way fewer user objects are returned to the Cisco 802.1x client.
If a large number of user accounts are still being returned, you may want to contact Cisco Technical Support to see whether there is a way to limit the LDAP search that the Cisco 802.1x client performs.
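The following model, added here as an illustration and not taken from the Novell client or the Cisco 802.1x client, shows why the three settings discussed above (search base, subtree scope, timeout) decide whether a contextless lookup succeeds on a large tree. The directory (o=acme with four OUs), the user name jdoe and the entry budget standing in for the 10 second timeout are all constructed for the example.

```python
"""Model of a contextless-login LDAP lookup on a large eDirectory-style tree.

Constructed example: the tree, the user "jdoe" and the entry budget are made up.
The entry budget stands in for the client's wall-clock timeout (10 s in the TID):
once the server has handed back that many entries, the client gives up, which is
what LDAP reports as resultCode 3 (timeLimitExceeded).
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Container:
    dn: str
    users: List[str] = field(default_factory=list)          # CNs of User objects
    children: List["Container"] = field(default_factory=list)


class TimeLimitExceeded(Exception):
    """Stands in for LDAP resultCode 3 (timeLimitExceeded)."""


def build_tree(users_per_ou: int) -> Container:
    """Constructed directory: o=acme with departmental OUs, each holding users."""
    root = Container("o=acme")
    for dept in ("sales", "eng", "ops", "hr"):
        ou = Container(f"ou={dept},o=acme")
        ou.users = [f"{dept}user{i}" for i in range(users_per_ou)]
        root.children.append(ou)
    # the user being looked up sits at the end of the last OU walked
    root.children[-1].users.append("jdoe")
    return root


def find_container(root: Container, dn: str) -> Optional[Container]:
    """Locate the container whose DN is the configured search base."""
    if root.dn == dn:
        return root
    for child in root.children:
        hit = find_container(child, dn)
        if hit is not None:
            return hit
    return None


def contextless_lookup(root: Container, base_dn: str, cn: str,
                       subtree: bool = True,
                       entry_budget: int = 2500) -> Tuple[Optional[str], int]:
    """Search for a user by CN from base_dn, as the contextless login does.

    subtree=True walks the base container and everything below it; False looks
    only at the base container itself (one-level scope).  Returns the user's DN
    (or None) and how many entries were examined before the answer was known.
    Raises TimeLimitExceeded when the entry budget runs out first.
    """
    base = find_container(root, base_dn)
    if base is None:
        raise ValueError(f"no such search base: {base_dn}")
    examined = 0

    def visit(c: Container) -> Optional[str]:
        nonlocal examined
        for user in c.users:
            examined += 1
            if examined > entry_budget:
                raise TimeLimitExceeded(
                    f"gave up after {entry_budget} entries under {base_dn}")
            if user == cn:
                return f"cn={cn},{c.dn}"
        if subtree:
            for child in c.children:
                hit = visit(child)
                if hit is not None:
                    return hit
        return None

    dn = visit(base)
    return dn, examined


def demo() -> Dict[str, object]:
    """Run the three configurations the TID discusses and collect the outcome."""
    tree = build_tree(1000)                       # ~4000 users, like the TID's tree
    results: Dict[str, object] = {}
    try:                                          # broad base + subtree + short timeout
        results["broad"] = contextless_lookup(tree, "o=acme", "jdoe")
    except TimeLimitExceeded:
        results["broad"] = "timeLimitExceeded"
    # same settings but a longer timeout: succeeds after walking the whole tree
    results["longer_timeout"] = contextless_lookup(tree, "o=acme", "jdoe",
                                                   entry_budget=5000)
    # narrower search path: far fewer entries before the user is found
    results["narrow"] = contextless_lookup(tree, "ou=hr,o=acme", "jdoe")
    # one-level scope at the top container: nothing there, so the user is not found
    results["onelevel"] = contextless_lookup(tree, "o=acme", "jdoe", subtree=False)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:15} {outcome}")
```

The two fixes the TID gives map onto the two parameters: raising the timeout is `entry_budget`, and trimming the search paths is `base_dn`. The one-level case shows the situation the article opens with: with no user context and a search that does not descend into sub-containers, the user cannot be found at all.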