Showing results for 
Search instead for 
Did you mean: 

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.


acs 5.2 peap-gtc and ldap

We want to use eap-ttls and ldap (not AD).  That isn't supported.

So we want to go PEAP, but the only methods are PEAP-MSCHAP or PEAP-GTC.  Now the docs say PEAP-GTC supports ldap on the identity store.

So is GTC simply GTC without a token card? (simple login and password) and will work with LDAP?  Do some of the GTC look like an LDAP auth?

So because a GTC is just login/password, using that method for ldap is okay even though it isn't a GTC even though the password isn't a one time one?  Just funny to use GTC without a GTC involved.


Well, I convinced myself it is going to work.

Hello Eugene,

I have configured the ACS 5.1 with LDAP Authentication against a Windows domain. I have also installed Cisco Secure Service Client (CSSC Supplicant) with PEAP GTC enabled for the Tunneled Method. I only have static password defined in Windows Domain.

I have tested authentication with client configured for PEAP-GTC > ACS 5.1 with LDAP database > Windows AD acting as backend LDAP and everything is working fine.

So, it seems that PEAP-GTC, even though is meant for OTP database would work when authenticating against LDAP database as well.

ACS configuration:

NOTE: The above was configured on a Lab Environment and I cannot assure how it will behave on a production network.

NOTE: Click images to enlarge.

That being said it seems that the suggested scenario might work.

If this was helpful please rate.

Best Regards.

Thank you very much Carlos.  I just have to get my wireless guy to configure PEAP-GTC on a VLAN so I can test.

I wish EAP-TTLS was also supported, but I will take what I can get.

Content for Community-Ad