Environment
Novell Client for Windows 2000/XP/2003 4.91 Support Pack 2
Novell Client for Windows 2000/XP/2003 4.91 Support Pack 1
Novell Client for Windows 2000/XP/2003 4.91
Cisco ACS server PEAP-GTC (username and password being passed against eDirectory LDAP)
Situation
Customer is attempting to do a contextless login using the Cisco
802.1x implementation and is unsuccessful.
The user's context is blank and the Cisco client is unable to
find the user.
The user is unable to login to the Novell network.
LAN trace shows the Cisco 802.1x client performing an LDAP
scan of all users in the tree.
The tree has several thousand users and the LDAP contextless
login search times out before completing.
Resolution
It appears that Cisco's 802.1x wireless solution relies upon
some of the Novell contextless login pieces in order to work
properly. In this case the Novell contextless login pieces were
configured but not enabled. Novell Support was able to
get a LAN trace of the LDAP lookup the workstation was
making. The contextless login piece was configured to search
the topmost container, and a 10 second timeout was also
configured. It appears that the Cisco solution reads the
contextless login configuration settings and looks for all users in
the container specified and also in the containers below it.
Because there were several thousand users, the 10 second timeout
was being hit.
In order to resolve the problem, you can go into the Novell
contextless login portion of the client and increase the timeout
amount. Additionally, you can change the search
paths so that fewer containers are searched. This way fewer
user objects are returned to the Cisco 802.1x client.
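The following is an added example, not Novell or Cisco code: a small simulation of the contextless login lookup described above, using a constructed directory tree and an assumed per-object cost, to show why a subtree search from the top container exceeds the 10 second timeout and how raising the timeout or narrowing the search paths changes the outcome.

```python
# Added example (not Novell or Cisco code). The tree, user counts and the
# per-object cost are constructed sample values; the client's real
# configuration is set in the Novell Client GUI, not in this code.

SECONDS_PER_OBJECT = 0.004  # assumed cost of the server returning one user object

# Constructed directory: container DN -> number of user objects directly in it.
SAMPLE_TREE = {
    "o=acme": 20,
    "ou=hq,o=acme": 1500,
    "ou=sales,ou=hq,o=acme": 1200,
    "ou=branch,o=acme": 900,
    "ou=lab,o=acme": 40,
}

def dn_components(dn):
    """Split a DN into a normalized list of RDNs, leaf first."""
    return [c.strip().lower() for c in dn.split(",")]

def in_scope(container, base, subtree):
    """True if users directly in 'container' are returned by a search of 'base'.
    subtree=True models LDAP scope 'sub' (base and everything below it);
    subtree=False models scope 'one' (only objects directly in the base)."""
    c, b = dn_components(container), dn_components(base)
    if len(c) < len(b) or c[len(c) - len(b):] != b:
        return False          # container is not under the search base at all
    depth = len(c) - len(b)
    return True if subtree else depth == 0

def contextless_lookup(tree, search_paths, subtree, timeout):
    """Simulate the client searching each configured search path in turn.
    Returns (status, objects_returned, seconds): 'ok' when every path
    completes within the timeout, 'timeout' on the first path that does not."""
    returned = 0
    for base in search_paths:
        hits = sum(n for dn, n in tree.items() if in_scope(dn, base, subtree))
        seconds = hits * SECONDS_PER_OBJECT
        returned += hits
        if seconds > timeout:
            return "timeout", returned, seconds
    return "ok", returned, returned * SECONDS_PER_OBJECT

if __name__ == "__main__":
    # As found in the trace: top container, subtree, 10 second timeout.
    print(contextless_lookup(SAMPLE_TREE, ["o=acme"], True, 10.0))
    # Fix 1: raise the timeout.   Fix 2: search only the needed containers.
    print(contextless_lookup(SAMPLE_TREE, ["o=acme"], True, 20.0))
    print(contextless_lookup(SAMPLE_TREE, ["ou=branch,o=acme", "ou=lab,o=acme"], True, 10.0))
```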
If you are encountering a large number of user accounts being
returned, you may want to contact Cisco Technical Support and see
if there is a way to limit the LDAP search that the Cisco 802.1x
client is performing.