08-21-2011 11:55 PM - edited 03-10-2019 06:20 PM
I am trying to migrate away from EAP-TLS to PEAP because my Server Certificates expired and I wasted a whole day trying to do new ones over and over again.
But also , the user base here are trying to get iPad and Andriod and 'other' on the Wireless and EAP-TLS is too trickey.
I keep getting closer and closer to my goal - but now I am stuck at:- '22017 DenyAccess Identity Source selected'
I have trawled my way thru:- Access Policies > Access Services > Default Network Access > Identity , Group Mapping trying to add 'PEAP' but it always tells me the above error !!!
I would love cream it all and only use WLC to LDAP - but I could not get that to work either and the debug showed no activity...
It there one document out there:- ACS 5.x LDAP to PEAP ???
btw:- here we have two 'forests' and the 'Active Directory' uses PEAP perfectly - so why can't I get the LDAP to be as good ?????
Many Thanks , Josh
Solved! Go to Solution.
08-22-2011 02:44 AM
Check table B-5
LDAP does not support PEAP-Mschapv2. This is not an ACS restriction but a restriction from LDAP databases returning clear-text passwords.
That's why active directory is a bit more than just "an ldap database" because it does allow mschapv2 methods.
08-22-2011 02:44 AM
Check table B-5
LDAP does not support PEAP-Mschapv2. This is not an ACS restriction but a restriction from LDAP databases returning clear-text passwords.
That's why active directory is a bit more than just "an ldap database" because it does allow mschapv2 methods.
08-23-2011 06:39 PM
Thanks for that , I have two ACS's , so looks like if i want PEAP for both Forests , they will be separate ACS's too both on pure Active Directory.
but for the time being - I got the certificates to work - curse my feeble not understanding the 'proccess' !!!
I have made an appointment in my calendar for 1-AUG-2012 to put new Certificates , with instructions , so i dont forget.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide