Beginner

LDAP client auth

I've searched the internet but the examples I've found use certificates or web auth.  I'm trying to get users to authenticate using their LDAP credentials on a new SSID.

I have the LDAP server set up on the controller but I'm still having troubles getting authentication to work.

I'd like to bypass using ACS and have the controller talk directly to the LDAP server.

In our environment we have the following:

Two WiSM controllers in separate data centers

4402 guest controller (in production now)

5508 guest controller (being installed now)

All controllers running 7.0.235.3

ACS 4.2

NCS 1.1.1.24

1 ACCEPTED SOLUTION

Accepted Solutions

LDAP client auth

that should do. on the client make sure you uncheck the box to 'validate server certificate' as well.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

14 REPLIES

LDAP client auth

So you are looking at the guides for Local EAP?  or is this for guest users?

HTH,
Steve

Beginner

LDAP client auth

These will be contractors that are BYOD but do have AD login credentials.

LDAP client auth

So you have the WLC configured for Local EAP/PEAP?

HTH,
Steve

Beginner

LDAP client auth

I have the LEAP profile set up and chosen on the WLAN tab.

LDAP client auth

I would set it for PEAP vs LEAP.  Not all supplicants support LEAP and it's vulnerable.

HTH,
Steve

Beginner

LDAP client auth

Do you have a link or anything about setting that up?  Does it require certs?

LDAP client auth

you should just need to check the PEAP box and not the LEAP box.

as for certs, just on the WLC and it will be there already.

HTH,
Steve

Beginner

LDAP client auth

So then I have to choose "

LDAP client auth

not required...those are for TLS.  so you should be able to uncheck those boxes

HTH,
Steve

Beginner

LDAP client auth

They were unchecked...

Here is what I have:

L2 security

WPA+WPA2 selected.

Checkbox for WPA2 policy WPA2 encryption AES

Auth Key Mgmt 802.1x

AAA Server tab

LDAP server selected

Local EAP Authentication checked

EAP Profile Name - Test

Local EAP Profile - Test

PEAP checked, nothing else

Authentication Priority - LDAP

Is there anything else I'm missing?

LDAP client auth

that should do. on the client make sure you uncheck the box to 'validate server certificate' as well.

HTH,
Steve

Beginner

LDAP client auth

I think I got it... had to set up the network profile in Windows.

I'm a total n00b at this so thanks for your help!
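
An added example, not part of the thread: a small audit of a Windows WLAN profile (the XML written by `netsh wlan export profile`) that reports how a PEAP profile handles the 'validate server certificate' setting discussed above. The SSID name and the sample profile are constructed; elements are matched by local name so the namespace version does not matter.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to the elements the audit reads.
# "Contractor-SSID" is a made-up name, not taken from the thread.
SAMPLE_PROFILE = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
 <name>Contractor-SSID</name>
 <MSM><security>
  <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
   <EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
    <Config>
     <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
      <Type>25</Type>
      <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
       <ServerValidation>
        <DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation>
        <ServerNames></ServerNames>
       </ServerValidation>
       <PeapExtensions>
        <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</PerformServerValidation>
       </PeapExtensions>
      </EapType>
     </Eap>
    </Config>
   </EapHostConfig></EAPConfig>
  </OneX>
 </security></MSM>
</WLANProfile>"""


def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def audit_peap_profile(xml_text):
    """Return a list of findings for a PEAP (EAP type 25) profile, [] if clean."""
    values = {}
    for el in ET.fromstring(xml_text).iter():
        values.setdefault(_local(el.tag), []).append((el.text or "").strip())
    if "25" not in values.get("Type", []):
        return []  # not a PEAP profile, nothing to check here
    findings = []
    if "false" in (v.lower() for v in values.get("PerformServerValidation", [])):
        findings.append("server certificate validation disabled")
    if not any(values.get("TrustedRootCA", [])):
        findings.append("no trusted root CA selected")
    if not any(values.get("ServerNames", [])):
        findings.append("no expected server name set")
    return findings
```
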

LDAP client auth

no worries, that's why we are here!

HTH,
Steve

Beginner

LDAP client auth

Ok, so now the problem I ran into is that when I change priority order -> local auth to LDAP, it breaks our 7925 wifi phones.  Even if I have LDAP and Local in the box, if I change the order to LDAP/Local it breaks the phones but LDAP works.  If I change it to Local/LDAP the phones work again but LDAP doesn't.

The phones are using EAP-Fast.  Any ideas?  Do I need to change the auth method of the phones?
