Solved: LeapProxy method to Authenticate Wireless Users with AD

rashidsiddiqui · ‎01-16-2011

Hi Friends,

Recently i came across the settings on ACS, known as LeapProxy, where, NPS (Network Policy Server) was installed on AD (Active Directory), and we enabled Radius server feature on NPS. Please refer the attachment.

We are using PEAP method for Authentication. How it is integrated is like following,

Users with the help of a supplicent connect to wireless, and Opt for PEAP method.
WLC is integrated with ACS.
On ACS we have defined AD server as LeapProxy Server.
Request is forwarded to LeapProxy's Radius server.
Radius Server forwards to AD.

Now the question i have, "How NPS/Radius server is forwarding the request to AD?". NPS/Radius server is on the same AD machine. In NPS/Radius we do not have any AD credentials. Although it worked, but i am not getting the data flow details.

Nicolas Darchis · ‎01-16-2011

To my opinion, NPS, since it's a Windows Server 2008, has to be installed on a Domain Controller or member Server of the domain. So it does have connectivity and credentials to AD since it's running on a machine with access to the domain.

However this is a 100% Microsoft question I'd say and if you have more concerns, you're better off trying a Microsoft forum :-)

View solution in original post

Nicolas Darchis · ‎01-16-2011

To my opinion, NPS, since it's a Windows Server 2008, has to be installed on a Domain Controller or member Server of the domain. So it does have connectivity and credentials to AD since it's running on a machine with access to the domain.

However this is a 100% Microsoft question I'd say and if you have more concerns, you're better off trying a Microsoft forum :-)