09-27-2011 12:26 PM - edited 07-03-2021 08:49 PM
Hello,
What is the best option to do the following on the Cisco WLC 2106?
We have a wireless network we want to configure where a user can input their AD credentials for authentication before gaining access to the network. We want to integrate LDAP with the WLC and we do not want to do any EAP or 802.1X authentication. I'm thinking this will be something like a splash page I guess.
How could I configure something like this on the controller?
Thank you!
-rya
09-27-2011 12:49 PM
Yes you could do a splash page. There is a problem however with doing an LDAP call to AD. The WLC needs the AD to return a clear text password, as it can't decrypt the MSCHAP that is sent back.
There are articles that you can search on TechNet/Google that tell you the regedit that needs to be done to get this to work. But most AD people don't like this being done.
Now, another thing you could do is turn one of your Microsoft servers into an IAS/NPS and do a RADIUS call. This can still be done for the splash page, without doing 802.1X.
HTH,
Steve
09-27-2011 02:33 PM
Ok, that is great. So I could use RADIUS for AD user authentication and enable the web/splash page for users to login.
I'm assuming all I need to do is enable "Web Policy: Authentication" and I'm good (after I configure RADIUS of course)?
I have a screenshot for that page.
Thank you!
-rya