2504 LDAP for devices

tahequivoice
Level 2

How can I set up the WLC to accept authentication based on the device itself and not a user?

7 Replies 7

Stephen Rodriguez
Cisco Employee

Do you have an AAA server that you will be backending to for the machine accounts?

The config on the WLC doesn't change if you do. It all depends on the EAP config you have on the AAA server.

HTH,
Steve

-----------------------------------------
Please remember to rate useful posts, and mark questions as answered

Amjad Abdullah
VIP Alumni

Can you please clarify more?

What is the auth type that you want to use?

Rating useful replies is more useful than saying "Thank you"

Customer wants to authenticate against LDAP based on the device itself, not any particular user. He has the computers in AD that he wants to have access to the wireless with, some are Windows CE type devices.  He has Windows Server 2003.

LDAP to AD does not work well from the WLC, as AD stores the password in a non-reversible format.

You'd be better off promoting the 2k3 server to run IAS and doing the authentication from there.

HTH,
Steve

I guess you mean machine authentication, not user authentication, right?

The answer will be "No". This is not supported with LDAP unfortunately.
You need to enter the username and the password to authenticate.
If you want machine authentication you can use MS IAS/NPS or Cisco ACS.

HTH

Amjad

Yes, Machine auth. So is there a good example based on Windows, and not ACS? Customer is not going to purchase an ACS for this.

Well, you'd better visit the Microsoft forums and ask there. It is almost a checkbox to check in the NPS policies to enable machine authentication, but I have no idea how to get to that piece of configuration.

HTH

Amjad