Non-Active Directory LDAP user authentication with ACS 5.3

GRANT GATHAGAN
Level 1

Has anyone gotten any non-AD LDAP authentication to work with Secure ACS 5.3 or 5.4?

Specifically, I'm trying to authenticate user access to our secure wireless network, controlled by a pair of 5508 controllers.

I can get it to work if the laptop has support for Cisco's flavor of PEAP, but not for Microsoft's version of PEAP.

3 Replies

Jatin Katyal
Cisco Employee

Because LDAP as an external database doesn't support PEAP MSCHAPv2. It's a limitation on the LDAP side. The option is to use PEAP with GTC, and I think you are already using it. You will find a few more posts on this forum with a similar query.

Here is the authentication protocol/database matrix:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/eap_pap_phase.html#wp1014889

Jatin katyal

~Jatin

I could understand that limitation if I was trying to authenticate the WLCs directly against LDAP.

I was under the impression, however, that one of the reasons to use ACS was that, with ACS handling the user authentication instead of the WLC, you were allowed a wider range of authentication options, while not requiring more extensive "native" support on the WLC.

I guess I should have demanded more explicit confirmation when my provider said, "Yes" when asked if we could leverage our eDirectory's LDAP capabilities for authentication.

So then, I guess my next question is:

Is there any software available from Cisco to provide support for Cisco's EAP-FAST or Cisco PEAP without involving VPN capability?

If you have a laptop that sports a Centrino wireless adapter, the support is already there.

If you don't, is the Cisco AnyConnect Secure Mobility Client my only option for non-Centrino wireless users?

Ravi Singh
Level 7

Yes, there is one which supports Cisco PEAP without involving VPN. Please check the link below.

http://www.cisco.com/en/US/docs/wireless/technology/peap/technical/reference/PEAP_D.html