https://community.cisco.com/t5/wireless/a-little-lost/m-p/2312408#M157771 <HTML><HEAD></HEAD><BODY><P>Any time you use a radius server and the client use 802.1x authentication, then certificates are always involved. Is there an easy way... Sure, if you use a pre shared key, but that will not look up users via AD. You could search around and do LDAP of the WLC, but that's not my preferred way at all. Since you have AD and NPS, have your server team being up a CA and install certificates. Or you can buy a certificate for around 200 bucks a year and install that on the radius server. You can also use IIS and create a self signed if you want.<BR /><BR /><A href="http://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-in-iis-7.html" target="_blank">http://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-in-iis-7.html</A><BR /><BR />Sent from Cisco Technical Support iPhone App</P></BODY></HTML> Tue, 03 Sep 2013 21:10:08 GMT Scott Fella 2013-09-03T21:10:08Z https://community.cisco.com/t5/wireless/a-little-lost/m-p/2312406#M157769 <P>A little lost </P><P>I have a 5508 Wlc&nbsp; and 6 AP's&nbsp; </P><P>I have asetup a guest Wlan and vlan user login via Wlc and get web page to authacate works good </P><P></P><P>My issue is the internal wlan&nbsp;&nbsp; I would like it to login in to MS AD&nbsp; same as Lan clients&nbsp; for sure I am missing something </P><P></P><P>We have AD 2008 r2 with a NPC installed and dns&nbsp; No cert server installed on Domain controller&nbsp; </P><P></P><P>I am in the middle of these steps <A href="http://networklessons.com/wireless/peap-and-eap-tls-on-server-2008-and-cisco-wlc/" target="_blank">http://networklessons.com/wireless/peap-and-eap-tls-on-server-2008-and-cisco-wlc/</A></P><P></P><P>I&nbsp; was thinking there has to to be an easy way to do this without a cert server </P><P></P><P>Any ideas </P><P></P><P>Thanks I hate beiing a Noob at this </P> Sun, 04 Jul 2021 07:36:10 GMT https://community.cisco.com/t5/wireless/a-little-lost/m-p/2312406#M157769 ciscosupport08 2021-07-04T07:36:10Z https://community.cisco.com/t5/wireless/a-little-lost/m-p/2312407#M157770 <HTML><HEAD></HEAD><BODY><P>For refer to the link-</P><P></P><P><A href="http://www.rebeladmin.com/2011/03/step-by-step-guide-to-setup-active-directory-windows-server-2008/">http://www.rebeladmin.com/2011/03/step-by-step-guide-to-setup-active-directory-windows-server-2008/</A></P></BODY></HTML> Tue, 03 Sep 2013 20:59:35 GMT https://community.cisco.com/t5/wireless/a-little-lost/m-p/2312407#M157770 Abhishek Abhishek 2013-09-03T20:59:35Z https://community.cisco.com/t5/wireless/a-little-lost/m-p/2312408#M157771 <HTML><HEAD></HEAD><BODY><P>Any time you use a radius server and the client use 802.1x authentication, then certificates are always involved. Is there an easy way... Sure, if you use a pre shared key, but that will not look up users via AD. You could search around and do LDAP of the WLC, but that's not my preferred way at all. Since you have AD and NPS, have your server team being up a CA and install certificates. Or you can buy a certificate for around 200 bucks a year and install that on the radius server. You can also use IIS and create a self signed if you want.<BR /><BR /><A href="http://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-in-iis-7.html" target="_blank">http://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-in-iis-7.html</A><BR /><BR />Sent from Cisco Technical Support iPhone App</P></BODY></HTML> Tue, 03 Sep 2013 21:10:08 GMT https://community.cisco.com/t5/wireless/a-little-lost/m-p/2312408#M157771 Scott Fella 2013-09-03T21:10:08Z