Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
866
Views
5
Helpful
4
Replies

PEAP Auth with Cisco ACS 5.3 and Lotus Notes DB

Go to solution
acontes
Level 1
Level 1

‎03-14-2013 01:22 AM - edited ‎03-10-2019 08:11 PM

Hi,

i want to authenticate wireless clients against username/passwords stored in a lotus notes database.

Network: PEAP SSID->Accesspoint->4404 WLAN Controller->ACS 5.3->Notes DB

Is this possible?

I can connect to the ldap and query groups and attributes. but when i try to authenticate a user, i allways get an "subject not found in identity store" error.

Test bind was successfull (found >100 groups and >100 subjects.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
maldehne
Cisco Employee
Cisco Employee
In response to acontes

‎03-14-2013 03:54 AM

EAP MSCHAP v2 is not supported with LDAP through ACS

You can use EAP GTC

You should a supplicant utility that supports PEAP ( EAP GTC )

such as Cisco ADU , Intel Proset , CSSC , AnyConnect , ...... you can google for a list of supplicants

open new thread for Apple issue

------------------------------------------------------------------

Please make sure to rate correct answers and flag this thread as answered

View solution in original post

4 Replies 4

Go to solution
maldehne
Cisco Employee
Cisco Employee

‎03-14-2013 02:25 AM

Are you using EAP MSCHAP v2 ??

0 Helpful

Go to solution
acontes
Level 1
Level 1
In response to maldehne

‎03-14-2013 03:05 AM

Yes, i use EAP MSChapV2.

In the meantime, i sniffed the lan port of ACS. There is no outgoing bind request when i try to authenticate a wireless user.

The Indentity rule under my access service works fine. The hit counter on the rule "use the ldap db" identity store is increasing. but no authorization rule matches.

0 Helpful

Go to solution
acontes
Level 1
Level 1
In response to acontes

‎03-14-2013 03:12 AM

Ah thanks for the hint :-)

Looks like i should use EAP-GTC to work with Lotus LDAP, correct? How can i change this? Clientside, Phase-2 Auth Type?

Doh! Running into the next problem: Android works because i can select GTC, in Apple iOS not.

0 Helpful

Go to solution
maldehne
Cisco Employee
Cisco Employee
In response to acontes

‎03-14-2013 03:54 AM

EAP MSCHAP v2 is not supported with LDAP through ACS

You can use EAP GTC

You should a supplicant utility that supports PEAP ( EAP GTC )

such as Cisco ADU , Intel Proset , CSSC , AnyConnect , ...... you can google for a list of supplicants

open new thread for Apple issue

------------------------------------------------------------------

Please make sure to rate correct answers and flag this thread as answered

Customers Also Viewed These Support Documents