01-23-2014 03:19 AM - edited 07-05-2021 12:02 AM
Hello,
Currently I have three SSIDs, each serving its purpose: Students, Staff & Guest. I want to achieve different authentication for each SSID. Students will be able to authenticate only on the Student SSID, and the same for Staff; Staff shouldn't be able to authenticate on Student and vice versa.
Is it possible with a RADIUS server to authenticate based on AD organizational units?
Any thoughts?
Thanks,
02-01-2014 03:05 AM
02-01-2014 03:36 AM
Hi,
Hussain Al Sayed, Ram Kumar & Waqas made the configuration in the IAS and only one policy is there. When one of the users who is a member of the targeted group tries to log in, it says the username and password are not valid, and IAS generates a warning as follows:
User zha10264 was denied access.
Fully-Qualified-User-Name = Domain-Name\zha10264
NAS-IP-Address = 172.16.3.3
NAS-Identifier = RCSICiscoWLC01
Called-Station-Identifier = 50-17-ff-34-7c-60:ICT
Calling-Station-Identifier = f0-7b-cb-41-5a-8c
Client-Friendly-Name = ciscowlan
Client-IP-Address = 172.16.3.3
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 13
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server =
Policy-Name =
Authentication-Type = PAP
EAP-Type =
Reason-Code = 16
Reason = Authentication was not successful because an unknown user name or incorrect password was used.
Any help?
02-01-2014 03:43 AM
Hi Ramkumar,
Is the shared secret the same on the switch and the IAS server?
Regards
02-01-2014 04:08 AM
Hi Snadeep,
It's working correctly now as per the following policy criteria, in order:
1. NAS-Port-Type Matches Wireless - IEEE 802.11 Or Wireless other
2. Called-Station-ID Matches "ICT.*" AND (which is the SSID name we are using)
3. Windows-Groups Matches "Domain-Name\SG-GroupName"
I have tested this by adding the targeted user to the SG-Group, and the user was able to authenticate if in that group; if not, the error message "Username and Password are not valid" appears.
One last question I have is regarding the performance of the IAS server. We are targeting 900 concurrent user sessions; will an IAS Server 2003 with 2 GB RAM and 2.8 GHz x 2 vCPUs be enough?
What is your recommendation?
Thanks,
Hussain on behalf of Ram Kumar
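The three policy conditions from the post above, modelled as an added example (not part of the original thread and not IAS's own code): it splits the Called-Station-Id into AP MAC and SSID, evaluates one ordered policy per SSID, and shows what an SSID pattern anchored as `:SSID$` changes compared with `ICT.*`. The `EXAMPLE\SG-*` group names, the policy names, and treating the pattern as an unanchored regex search are assumptions.

```python
import re

WIRELESS = {"Wireless - IEEE 802.11", "Wireless - Other"}
# Called-Station-Id as logged in the thread: AP radio MAC, a colon, then the SSID.
CSID = re.compile(r"^((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}):(.+)$")

def split_called_station_id(value):
    """Split 'AP-MAC:SSID' into (mac, ssid); reject anything else."""
    m = CSID.match(value)
    if not m:
        raise ValueError(f"unexpected Called-Station-Id: {value!r}")
    return m.group(1).lower(), m.group(2)

# Ordered policies, one per SSID. Names and groups are hypothetical placeholders.
POLICIES = [
    {"name": "Wireless-Students", "ssid": r":Students$", "group": r"EXAMPLE\SG-Students"},
    {"name": "Wireless-Staff", "ssid": r":Staff$", "group": r"EXAMPLE\SG-Staff"},
]

def evaluate(request, user_groups, policies=POLICIES):
    """First policy whose conditions ALL match grants access; otherwise reject."""
    groups = {g.lower() for g in user_groups}  # compare group names case-insensitively
    for p in policies:
        if (request["NAS-Port-Type"] in WIRELESS
                and re.search(p["ssid"], request["Called-Station-Id"])
                and p["group"].lower() in groups):
            return "Access-Accept", p["name"]
    return "Access-Reject", None  # no policy matched this SSID/group pair

def request_for(ssid, ap_mac="50-17-ff-34-7c-60"):
    """Build a constructed request with the attributes the policies inspect."""
    return {"NAS-Port-Type": "Wireless - IEEE 802.11",
            "Called-Station-Id": f"{ap_mac}:{ssid}"}

if __name__ == "__main__":
    student = {r"EXAMPLE\SG-Students"}
    for ssid in ("Students", "Staff"):
        print(ssid, evaluate(request_for(ssid), student))
    # An unanchored "ICT.*" also matches a second SSID that merely starts with ICT.
    loose = [{"name": "ICT-loose", "ssid": r"ICT.*", "group": r"EXAMPLE\SG-ICT"}]
    strict = [{"name": "ICT-strict", "ssid": r":ICT$", "group": r"EXAMPLE\SG-ICT"}]
    ict = {r"EXAMPLE\SG-ICT"}
    print(evaluate(request_for("ICT-Guest"), ict, loose))
    print(evaluate(request_for("ICT-Guest"), ict, strict))
```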
02-01-2014 04:20 AM
Hi,
You can check this:
http://technet.microsoft.com/en-us/library/cc758523(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/bb742387.aspx
Hope this helps.
Regards
02-01-2014 05:06 AM
Thanks for your reply. I think it is a good article, as I'm not running IAS on a domain controller:
the domain controller or the computer that contains the global catalog, verify that you have an efficient domain and site topology.
Use the MaxConcurrentApi registry entry (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters) to increase the number of multiplexed connections to the domain controller.
02-01-2014 07:29 AM
Typically you would want to bring up another IAS server and point the WLC to both... If you have two WLCs, this allows you to point WLC1 to Radius1 for primary and Radius2 for backup, and WLC2 to Radius2 for primary and Radius1 for backup. The 2GB of RAM is questionable, as in the past I have seen a minimum of 8 in production networks, but I'm not a server guy.
Thanks,
Scott
Help out others by using the rating system and marking answered questions as "Answered"
02-01-2014 07:15 AM
Can you export the IAS configuration and send it to me by PM? Just click on the IAS server in the configuration page and click export. This way I can tweak your policy and send it back.
Sent from Cisco Technical Support iPhone App
02-02-2014 10:51 PM
Hi Scott,
I tried to send you a PM with an attachment yesterday, but PM doesn't have attachment options.
02-03-2014 12:08 AM
Will this file be okay for you?
netsh aaaa show config >C:\IASConfig.txt
02-03-2014 04:54 AM
Send me a PM with your email and I will reply back.
02-03-2014 05:44 AM
Hi Scott,
I have just sent you a PM.
Thanks,
02-03-2014 05:46 AM
Just replied back:)