10-23-2020 03:40 AM - edited 07-05-2021 12:41 PM
Hello.
WLC (CT2504) - RADIUS - LDAP
The customer's site has a network connected as above.
After setting only RADIUS in WLC, it is configured to authenticate through LDAP.
(There is no LDAP related setting in WLC // Only RADIUS setting)
macOS, iOS and Android have no problem connecting.
However, the Windows OS can only be connected by installing the cisco:peap plug-in.
Customers do not want to install the cisco:peap plug-in.
What should I do?
I know that Windows OS should install cisco:peap plug-in unconditionally regarding LDAP.
The customer said: "Cisco WLC says that Windows OS can be configured without installing additional plug-ins."
I can't find anything like that.
Please help me.
10-23-2020 03:44 AM
- But the (Windows) wireless client will only pass credentials to the configured SSID. The latter part + controller needs RADIUS in the further authenticating steps, not the originating Windows client.
M.
10-23-2020 03:51 AM - edited 10-23-2020 05:00 AM
Thank you for the answer.
I did not understand the answer.
Are you saying you have to set it up on the RADIUS server?
The Aruba Wireless Controller is also connected to the customer site in the same configuration.
Aruba Wireless controller also said that Windows OS installed eap-gtc plugin.
However, it is said that the connection was made without installing the eap-gtc plugin through some function in the Aruba controller.
Are there any documents I can refer to?
I understood a little what you said.
If you try to connect without installing plugin in Windows OS,
You will see a window for entering username/password infinitely.
Will this problem be solved by setting up NPS in Radius Server or LDAP Server?
10-26-2020 10:19 AM
RADIUS Config from the WLC is different than the LDAP config.
To make LDAP work, follow the detailed steps in this doc:
Configure WLC with LDAP Authentication for 802.1x and Web-Auth WLANs:
In it you will see the note about different clients (iOS, Mac, Windows clients).
If you want to eliminate the client compatibility problem with LDAP, then use RADIUS of any type (NPS, ISE or any other RADIUS server), because the RADIUS protocol is standard. The RADIUS server will give you much more flexibility, and it is the recommended solution.
10-27-2020 09:43 PM
Thank you for the answer.
We believe that the WLC client (Windows) authenticates with the Radius Server first.
The Radius Server is also using LDAP.
The guide on the link you gave me is a guide when there are only two WLC<->LDAP servers.
It is different from our situation.
WLC<->Radius<->LDAP.
Our customers do not want to install EAP-GTC Plugin.
The Aruba controller was the same problem, but it was solved through some option of the Aruba controller.
There is no documentation on whether Cisco has the same functionality.