10-28-2015 01:55 PM - edited 03-10-2019 11:11 PM
Hi everyone,
I'm migrating from 4.2, and I'm interested in knowing what is the benefit of joining the domain rather than just performing LDAP queries on a search base.
1) Is it mostly an issue for RADIUS authentication rather than for TACACS+, and if so is it at all useful for a TACACS+ only deployment?
2) Is there a noticeable performance difference, and if so then which performs best?
3) Are there any pitfalls in joining the domain rather than using LDAP?
Thanks for your thoughts!
10-28-2015 02:18 PM
Hod,
Performance-wise there is no difference as such, and deciding which database to use depends on the type of authentication we use. Some protocols like MSCHAP are not supported by LDAP, so in case you do wireless authentication using PEAP, AD will work.
Here is the protocol compatibility chart:
http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-4/user/guide/acsuserguide/eap_pap_phase.html#45144
Regards,
~JG
Do rate helpful posts