Wireless Authenticate with Novell LDAP through ACS 5.2

Lam Hung Chung
Level 1

Dear all,
I'd like to configure wireless access from WinXP to authenticate with our corporate Novell LDAP through ACS.

Setup:

WinXP SP3 --> WLC 4402 --> ACS 5.2 --> Novell LDAP

1. Our Novell LDAP server uses secure LDAP (port 636) to authenticate users.
On ACS 5.2, when we configure this option we need to select a Root CA. Must the Root CA in ACS be the same as the LDAP server's (the LDAP certificate's issuer)?

2. What kind of authentication does this setup support? Does it support PEAP/MSCHAPv2 as in Windows Zero Configuration, or does it only support PEAP-GTC, EAP-FAST and EAP-TLS (which means I have to use Intel PROSet/Wireless software to configure)?

Thanks for your help.

2 Replies

Nicolas Darchis
Cisco Employee

For your question 2, the config guide states that for LDAP databases only returning clear text passwords (and I think it's the case for Novell but wouldn't bet my life on it), you have to use TLS or GTC methods, not MSCHAPv2.

For question 1, you need the ACS to have the LDAP server's issuing CA cert in the trusted list and select it in the LDAP config as root CA.

Hi Nicolas,

Thank you very much for your help. I've been able to make it work.

Just to confirm:

1. Root CA = LDAP server's RootCA

2. PEAP-GTC
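
Added example (not part of the thread, and not Cisco's or Novell's tooling): a way to check which CA certificate validates the certificate presented on port 636 before selecting it as Root CA in the ACS LDAP configuration. The host name, CA names and file names are constructed, and the certificates are generated locally with the `openssl` CLI so the check runs offline.

```shell
#!/usr/bin/env bash
# Added example. Host names and file names are constructed placeholders.

# Save the certificate a live LDAPS server presents (needs network; not run below).
fetch_ldaps_cert() {   # $1 = host, $2 = output PEM
  openssl s_client -connect "$1:636" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -outform PEM >"$2"
}

# Print who issued a certificate: this names the CA the RADIUS server must trust.
issuer_of() {          # $1 = certificate PEM
  openssl x509 -in "$1" -noout -issuer
}

# Succeed only if the server certificate validates against the candidate CA file.
chains_to_ca() {       # $1 = candidate CA PEM, $2 = server certificate PEM
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Build a constructed lab: two self-signed CAs and an LDAP server certificate
# signed by the first one ("tree-ca").
make_lab() {           # $1 = empty working directory
  for ca in tree-ca other-ca; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$ca" \
      -keyout "$1/$ca.key" -out "$1/$ca.pem" 2>/dev/null
  done
  openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
    -keyout "$1/ldap.key" -out "$1/ldap.csr" 2>/dev/null
  openssl x509 -req -in "$1/ldap.csr" -CA "$1/tree-ca.pem" -CAkey "$1/tree-ca.key" \
    -CAcreateserial -days 1 -out "$1/ldap.pem" 2>/dev/null
}

# Demonstration on the constructed lab: only the issuing CA validates the cert.
lab=$(mktemp -d)
make_lab "$lab"
issuer_of "$lab/ldap.pem"
for ca in tree-ca other-ca; do
  if chains_to_ca "$lab/$ca.pem" "$lab/ldap.pem"; then
    echo "$ca: issued the LDAP certificate, select this one"
  else
    echo "$ca: does not validate the LDAP certificate"
  fi
done
rm -rf "$lab"
```

Against a real directory server, `fetch_ldaps_cert` writes the presented certificate to a file that `issuer_of` and `chains_to_ca` can then be run on with each candidate CA export.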
