01-24-2011 06:47 PM - edited 03-10-2019 05:45 PM
Hi,
We have 10 WAP4410N access points and we want to do authentication on a Windows Active Directory server. Could somebody explain to me how to do this or point me to some documentation by which we can do this? Only users in the Windows AD need to get access to network after entering their user id and password. Either Windows or Linux based solutions will do.
Regards,
Biju Abraham.
01-24-2011 10:55 PM
Hi,
To be honest with you, I am not a wireless person. I searched and I found this link for you.
Hope this helps.
Regards,
Anisha
P.S.: Please mark this post as resolved if you feel your query is answered.
01-25-2011 02:48 PM
Hi Biju,
You can use Cisco's ACS 5.x as either a hardened Linux appliance or a VMware image. It has good AD integration and the process for ACS 5.x authenticating to an AD backend takes only a few minutes. There are just a few steps and it goes like this:
1) In the "Network Resources" pane:
-Define your wireless controllers or autonomous APs, check the RADIUS box, and set the secret that is shared with your wireless APs.
2) In the "Users and Identity Stores" pane:
-Define your AD domain and credentials to access your AD tree.
3) In the "Access Policies" pane:
-Define an access policy (selecting the MS-CHAPv2 and probably PEAP protocols) for your wireless authentication, say Cisco-Wireless.
-Define a "Service Selection Rule" and from the "Results -> Service" dropdown select Cisco-Wireless access service you already made.
Now you have an access policy named Cisco-Wireless with two categories: Identity & Authorization.
-Identity - Leave at default of "Single result selection" since all AD users are allowed access.
-Authorization - You don't need any rules since you aren't discriminating among AD users (if they can authenticate to AD they are fully authorized for network access). Just set the default rule at the bottom to "permit access."
4) Install SSL certs:
In the "Users and Identity Stores" pane:
-Add a root CA or intermediate cert to "Certificate Authorities." (For example a Verisign intermediate cert)
In the "System Administration" pane:
-Add an EAP certificate in the "Local Certificates" section and add your CA signed cert.
For particulars of getting a CA signed cert for ACS 5.x, refer to this: https://supportforums.cisco.com/message/3065177#3065177
01-25-2011 09:25 PM
Hi Mark,
Thank you very much for the information. From what I gather from Cisco's site, ACS is licensed and I don't know the cost. Do you know any freeware to manage the Linksys WAP4410N? Please let me know.
Regards,
Biju.
01-25-2011 11:26 PM
FreeRADIUS is the free RADIUS server in widest use and I think should work ok for AD, though I've not used it. You should be able to google up some AD integration instructions. Joining the user support mailing list is the best way to go for support on open source software.
Mark
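
A sketch of the FreeRADIUS side of the setup suggested above, mirroring the ACS steps (RADIUS client with shared secret, AD as identity store, PEAP with MS-CHAPv2, server certificate). This is an added example, not part of the original thread or from any poster. It assumes the FreeRADIUS 3.x file layout and a server already joined to the domain with Samba/winbind; the client name, IP address, secret and file paths are placeholders.

```conf
# --- clients.conf: one entry per WAP4410N ---
# Name, address and secret are placeholders. The secret must match the
# RADIUS shared secret configured on the access point; use a long random
# value, ideally a different one per AP.
client wap4410n-01 {
    ipaddr = 192.0.2.11
    secret = REPLACE_WITH_LONG_RANDOM_SECRET
}

# --- mods-available/mschap: hand the MS-CHAPv2 check to AD through winbind ---
# Requires the server to be joined to the domain (winbind running) and the
# FreeRADIUS service account to have access to winbind's privileged pipe.
# The ntlm_auth path varies by distribution.
mschap {
    ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"
}

# --- mods-available/eap: PEAP outer tunnel, MS-CHAPv2 inside ---
eap {
    default_eap_type = peap

    # Server certificate presented to wireless clients (placeholder paths).
    tls-config tls-common {
        private_key_file = /path/to/server.key
        certificate_file = /path/to/server.pem
        ca_file = /path/to/ca.pem
    }

    peap {
        tls = tls-common
        default_eap_type = mschapv2
    }
}
```

Wireless clients should be set to validate the server certificate and its issuing CA, since PEAP only protects the MS-CHAPv2 exchange when the client refuses to talk to an unknown server.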