05-12-2005 11:29 AM - edited 03-10-2019 02:09 PM
A customer wants to allow WLAN client authentication through Cisco Secure ACS to an NDS database.
I have just read that this is not possible because NDS doesn't support MS-CHAP?
Are there any dynamic key based 802.1x/EAP methods that WILL work through ACS/unknown user DB/NDS?
Thanks,
Tim M.
05-13-2005 03:11 AM
Hi,
I'm not 100% up on the Novell side of things, but we have a standard LDAP connection from our ACS to our Novell eDirectory, so it's not an NDS connection as such but it is an LDAP connection to NDS.
I have successfully trialed PEAP using this method from XP using the native XP client to ACS Release 3.2(3) Build 11.
The ACS server requires a certificate for PEAP; you can get a 15 day test certificate from Verisign.
HTH
Paddy
05-19-2005 04:30 AM
Thanks for the info.
Any idea on how varying contexts are handled at the client end? Are they required to submit the full distinguished name of their AD user object?
Why did you go the PEAP route? I am looking at EAP-FAST, but without phase 0, I have to manually distribute the PAC files (as I understand things).
Also, how did you get the trial certificate?
Thanks!
Tim M.
05-19-2005 06:15 AM
Hi Tim,
I'm not too sure about the contexts, I'm afraid.
I was trialing PEAP as I need a solution for wireless clients that aren't using Cisco WLAN cards, so I am looking for native operating system support.
Does EAP-FAST work in this way? A brief look through the documents says that you need Cisco WLAN cards and ACU software.
I got the test certificate from www.verisign.com; it lasts for 15 days.
Thanks
Paddy
05-19-2005 06:09 PM
As I understand it, EAP-FAST only supports dynamic PAC distribution when used with MS AD, as it leverages MS CHAPv2. I couldn't figure out how to install the PAC file on my Dell 1450 TrueMobile client...
I installed MS Certificate Server on Server 2003. I was able to install the certificate, but it never showed up in the trusted certificate list.
Getting closer. I will post the direction I take as I get there...
Tim