Can we integrate Cisco WLC 2504 with Active Directory?

Dear Team,

We are trying to integrate Active Directory with the WLC 2504 controller but have not been successful. Which is the best way to do it? Does the 2504 support AD integration or not? I have gone through the Cisco docs but I am finding the AD part confusing. Can anyone advise me or send me proper docs? Thanks in advance.

Regards,

Seshu

5 Replies

Philip D'Ath
VIP Alumni

We mostly use the built-in (built into Windows Server) Microsoft NPS service (RADIUS), which authenticates RADIUS against Active Directory.

Pretty much everything on the WLC supports this.

You can also do direct LDAP authentication, but this is really only usable for web authentication.

Hello guys, I have a problem with this same WLC2504. Any help?

I have a WLC 2504 which has a broken connection to the RADIUS and Certificate Authentication Server. The server seems to have developed an issue whereby it's lost communication with the Global Catalogue and therefore won't allow a domain login, only local login. This server is a Windows Server 2003 running the IAS (Internet Authentication Service).
On the server side it gives the below error:

Access request for user host/ABC.efg.gov.uk was discarded.
 Fully-Qualified-User-Name = <undetermined>
 NAS-IP-Address = 192.168.1.4
 NAS-Identifier = HQMAIN-WLC
 Called-Station-Identifier = 0014.a8bd.0940
 Calling-Station-Identifier = b4b6.7689.0d5f
 Client-Friendly-Name = HQ-WLC
 Client-IP-Address = 192.168.1.5
 NAS-Port-Type = Wireless - IEEE 802.11
 NAS-Port = 1
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = Windows
 Authentication-Server = <undetermined>
 Reason-Code = 4
 Reason = The Active Directory global catalog cannot be accessed.

On the WLC side I am getting the below error:

*Dot1x_NW_MsgTask_4: Mar 02 17:11:24.182: #DOT1X-3-AAA_AUTH_SEND_FAIL: 1x_aaa.c:817 Unable to send AAA message for client ac:7b:a1:e4:ea:e4
*Dot1x_NW_MsgTask_4: Mar 02 17:08:52.306: #DOT1X-3-AAA_AUTH_SEND_FAIL: 1x_aaa.c:817 Unable to send AAA message for client ac:7b:a1:e4:ea:e4
*Dot1x_NW_MsgTask_4: Mar 02 17:08:52.300: #DOT1X-3-ABORT_AUTH: 1x_bauth_sm.c:449  Authentication Aborted for client ac:7b:a1:e4:ea:e4
*Dot1x_NW_MsgTask_6: Mar 02 17:05:51.322: #DOT1X-3-AAA_AUTH_SEND_FAIL: 1x_aaa.c:817 Unable to send AAA message for client 7c:5c:f8:14:a7:c6
*Dot1x_NW_MsgTask_5: Mar 02 17:01:57.195: #DOT1X-3-AAA_AUTH_SEND_FAIL: 1x_aaa.c:817 Unable to send AAA message for client c4:d9:87:ac:6a:75

Can anyone advise if there is a way to bypass the RADIUS server and have clients get authentication direct from Active Directory? Or what is the best workaround pending when this server or another server can be set up back online?

Any suggestions will be appreciated.

If you want to use WPA/WPA2 Enterprise mode you need the RADIUS server working.
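An added example, not part of any post in this thread: a small Python triage that reads the two log formats quoted above (the WLC 802.1X message lines and the IAS event body) side by side, to show which clients never had an AAA message sent and what reason the RADIUS server recorded. The function names and the sample log lines are constructed for illustration; only the line formats follow the post.

```python
import re
from collections import Counter

# Constructed sample lines in the format of the WLC message log shown in the post.
WLC_LOG = """\
*Dot1x_NW_MsgTask_4: Mar 02 17:11:24.182: #DOT1X-3-AAA_AUTH_SEND_FAIL: 1x_aaa.c:817 Unable to send AAA message for client 02:00:00:00:00:01
*Dot1x_NW_MsgTask_4: Mar 02 17:08:52.300: #DOT1X-3-ABORT_AUTH: 1x_bauth_sm.c:449  Authentication Aborted for client 02:00:00:00:00:01
*Dot1x_NW_MsgTask_6: Mar 02 17:05:51.322: #DOT1X-3-AAA_AUTH_SEND_FAIL: 1x_aaa.c:817 Unable to send AAA message for client 02:00:00:00:00:02
"""

# Constructed IAS event body in the "Name = value" layout shown in the post.
IAS_EVENT = """\
Access request for user host/PC01.example.test was discarded.
 NAS-Identifier = LAB-WLC
 Authentication-Server = <undetermined>
 Reason-Code = 4
 Reason = The Active Directory global catalog cannot be accessed.
"""

WLC_RE = re.compile(
    r"^\*(?P<task>\S+): (?P<ts>\w{3} \d{2} [\d:.]+): "
    r"#(?P<facility>\w+?)-(?P<sev>\d)-(?P<mnemonic>\w+): "
    r"(?P<src>\S+)\s+(?P<text>.*?) for client (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})$"
)

def parse_wlc(log):
    """Return one dict per WLC 802.1X message line that matches the format."""
    return [m.groupdict() for m in map(WLC_RE.match, log.splitlines()) if m]

def parse_ias(event):
    """Return the 'Name = value' attributes of an IAS event as a dict."""
    pairs = (line.split(" = ", 1) for line in event.splitlines() if " = " in line)
    return {k.strip(): v.strip() for k, v in pairs}

def triage(wlc_log, ias_event):
    """Summarise what each side of the RADIUS exchange reported."""
    send_fail = Counter(e["mac"] for e in parse_wlc(wlc_log)
                        if e["mnemonic"] == "AAA_AUTH_SEND_FAIL")
    ias = parse_ias(ias_event)
    return {
        "clients_without_aaa": sorted(send_fail),
        "send_failures": sum(send_fail.values()),
        "ias_reason_code": int(ias.get("Reason-Code", -1)),
        "server_side_directory_fault": "global catalog" in ias.get("Reason", "").lower(),
    }

if __name__ == "__main__":
    print(triage(WLC_LOG, IAS_EVENT))
```
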

George Stefanick
VIP Alumni

The 2504 itself doesn't integrate. Like Phil mentioned, you can integrate LDAP and you can point the controller to an 802.1X server. But the WLC itself doesn't integrate.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin