GRANT GATHAGAN
Beginner

Non-Active Directory LDAP user authentication with ACS 5.3

Has anyone gotten any non-AD LDAP authentication to work with Secure ACS 5.3 or 5.4?

Specifically, I'm trying to authenticate user access to our secure wireless network, controlled by a pair of 5508 controllers.

I can get it to work if the laptop has support for Cisco's flavor of PEAP, but not for Microsoft's version of PEAP.

3 Replies
Jatin Katyal
Cisco Employee

Because LDAP as an external database doesn't support PEAP MSCHAPv2. It's a limitation on the LDAP side. The option is to use PEAP with GTC, and I think you are already using it. You will find a few more posts on this forum with a similar query.

Here is the authentication protocols/database matrix:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/eap_pap_phase.html#wp1014889

Jatin Katyal
*do rate helpful posts*


Sent from Cisco Technical Support Android App

~Jatin
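
Why the PEAP-GTC versus PEAP-MSCHAPv2 split in the reply above exists, as an added sketch that is not part of the original post and not Cisco code: GTC hands the server the cleartext password inside the TLS tunnel, which a directory can check against its stored hash, while MSCHAPv2 is challenge-response and the server must already hold the NT hash. The `{SSHA}` storage format, the sample user and password, and the SHA-256/HMAC stand-ins for the NT hash and the MSCHAPv2 response are assumptions for illustration.

```python
import base64, hashlib, hmac, os

def make_ssha(password: str, salt: bytes) -> str:
    """Salted SHA-1 in the {SSHA} userPassword format (assumed directory storage)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def split_ssha(stored: str):
    """Return (digest, salt) from a {SSHA} value."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    return raw[:20], raw[20:]

def verify_gtc(stored: str, cleartext: str) -> bool:
    """GTC style: cleartext arrives in the tunnel, so re-hash it with the stored salt."""
    digest, salt = split_ssha(stored)
    return hmac.compare_digest(hashlib.sha1(cleartext.encode() + salt).digest(), digest)

def pw_key(password: str) -> bytes:
    """Stand-in for the NT hash: unsalted hash of the UTF-16LE password."""
    return hashlib.sha256(password.encode("utf-16-le")).digest()

def cr_response(key: bytes, challenge: bytes) -> bytes:
    """Stand-in for the MSCHAPv2 response: keyed function of the server challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

def verify_cr(server_key: bytes, challenge: bytes, response: bytes) -> bool:
    """Challenge-response style: the server recomputes the response from its own key."""
    return hmac.compare_digest(cr_response(server_key, challenge), response)

def demo() -> dict:
    password = "S3cret!"                            # constructed sample credential
    stored = make_ssha(password, os.urandom(8))     # all the directory holds
    challenge = os.urandom(16)
    response = cr_response(pw_key(password), challenge)  # sent by the supplicant
    ssha_digest, _ = split_ssha(stored)
    return {
        "gtc_ok": verify_gtc(stored, password),
        "gtc_bad": verify_gtc(stored, "wrong"),
        # Correct password, but the salted digest is not the key the protocol needs.
        "cr_ldap_only": verify_cr(ssha_digest, challenge, response),
        # Works only when the server store holds the password-equivalent key.
        "cr_with_key": verify_cr(pw_key(password), challenge, response),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
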

I could understand that limitation if I was trying to authenticate the WLCs directly against LDAP.

I was under the impression, however, that one of the reasons to use ACS was that, with ACS handling the user authentication instead of the WLC, you were allowed a wider range of authentication options, while not requiring more extensive "native" support on the WLC.

I guess I should have demanded more explicit confirmation when my provider said, "Yes" when asked if we could leverage our eDirectory's LDAP capabilities for authentication.

So then, I guess my next question is:

Is there any software available from Cisco to provide support for Cisco's EAP-FAST or Cisco PEAP without involving VPN capability?

If you have a laptop that sports a Centrino wireless adapter, the support is already there.

If you don't, is the Cisco AnyConnect Secure Mobility Client my only option for non-Centrino wireless users?

Ravi Singh
Rising star

Yes, there is one which supports Cisco PEAP without involving VPN. Please check the link below.

http://www.cisco.com/en/US/docs/wireless/technology/peap/technical/reference/PEAP_D.html