Authenticating Unix users with LEAP

javierlopez
Level 1

Scenario: WLAN (AP350 V11.21) with LEAP authentication against an ACS V3.0 server (on W2K). Pre-existing Unix users with traditional Unix-crypted passwords. Usernames with their associated encrypted passwords are successfully imported into the ACS database with the csutil utility.

Authorization fails because LEAP uses a derivative of CHAP/MS-CHAP and it needs the plain password on the ACS side.

WLANs are increasingly used in places like educational campuses where Unix is widely deployed. Has anyone found a solution to authenticate Unix users with LEAP?

Thanks in advance

2 Replies

lisa.hall
Level 2

I know it's not supported yet. When PEAP is added to Aironet and ACS, this problem will go away. I believe that is happening in ACS 3.1 and some future version of the Aironet software.

An ugly workaround would be to set up User Changeable Passwords. You'd inform people with UNIX accounts that they have an ACS account created, but that wireless will not work for them until they use a LAN-based system to log in and change their ACS password. You could give them the option of using the same password, of course.
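
An added example, not part of any poster's message and not Cisco's code, showing why the imported hashes pass a password login but fail a challenge-response login, and why a password change fixes it. It assumes RFC 1994 CHAP (MD5) as a simplified stand-in for LEAP's MS-CHAP derivative and PBKDF2 as a stand-in for Unix crypt; `AuthServer`, its methods and all sample values are hypothetical.

```python
import hashlib
import hmac

def unix_style_hash(password: bytes, salt: bytes) -> bytes:
    # Stand-in for a crypt(3) entry (assumption: PBKDF2 replaces the real crypt algorithm).
    return hashlib.pbkdf2_hmac("sha256", password, salt, 10_000)

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994 CHAP: MD5 over identifier, shared secret, challenge.
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

class AuthServer:
    """Hypothetical server holding an imported one-way hash per user."""
    def __init__(self):
        self.hashes = {}   # user -> (salt, one-way hash), as imported
        self.secrets = {}  # user -> challenge-response secret, once known

    def import_unix_user(self, user, salt, hashed):
        self.hashes[user] = (salt, hashed)

    def password_login(self, user, password):
        # The client sends the password itself; the server re-hashes and compares.
        salt, hashed = self.hashes[user]
        return hmac.compare_digest(hashed, unix_style_hash(password, salt))

    def chap_login(self, user, ident, challenge, response):
        # The server needs its own copy of the secret; with only a hash on file, it uses that.
        secret = self.secrets.get(user, self.hashes[user][1])
        return hmac.compare_digest(chap_response(ident, secret, challenge), response)

    def change_password(self, user, old, new):
        # The workaround: a wired login is the one moment the server sees the password.
        if not self.password_login(user, old):
            return False
        salt = self.hashes[user][0]
        self.hashes[user] = (salt, unix_style_hash(new, salt))
        self.secrets[user] = new
        return True

def demo():
    pw, salt = b"constructed-sample-pw", b"constructed-salt"
    srv = AuthServer()
    srv.import_unix_user("alice", salt, unix_style_hash(pw, salt))
    ident, challenge = 7, bytes(range(16))  # constructed fixed challenge
    resp = chap_response(ident, pw, challenge)  # what the wireless client sends
    before = srv.chap_login("alice", ident, challenge, resp)
    changed = srv.change_password("alice", pw, pw)  # same password allowed
    after = srv.chap_login("alice", ident, challenge, resp)
    return srv.password_login("alice", pw), before, changed, after
```

`demo()` returns the results of the password login, the challenge-response login before the change, the password change, and the challenge-response login after it.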

b.withrow
Level 1

We are having the same exact issues. The only thing we will do (as far as authentication) is to add all MAC ADDR's to ACS and have all clients authenticate against the master MAC DB in ACS. Not a good solution, but it seems like the ONLY solution. I have opened many cases with the TAC as well as with our SE and the conclusion is always the same.
