Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1045
Views
0
Helpful
2
Replies

ldap authentication on wlc 2504 for wireless clients

John Butterfield
Level 1
Level 1

‎06-26-2014 01:33 PM - edited ‎07-05-2021 01:07 AM

I'm trying to configure LDAP authentication for wireless clients. I found various documents describing LDAP setup, but they only seem to offer a portion of the config. http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-2/configuration/guide/cg/cg_security_sol.html Under the LDAP section, I have don all this. Server Index 1 Server Address x.x.x.x Port Number 389 Simple Bind Authenticated Bind Username CN=xxxxxxc,OU=Denver,OU=CorpUsers,DC=xxxxx,DC=com Bind Password xxxxx Confirm Bind Password xxxxx User Base DN DC=xxxxx,DC=com User Attribute sAMAccountName User Object Type Person Secure Mode(via TLS) Enabled Server Timeout 2 seconds Enable Server Status Enabled Local EAP profiles I have EAP-FAST & EAP-TLS I am NOT using certs, so all those are unchecked. Authentication Priority is LDAP this part I am guessing on: WLAN Layer 2 Security is set to 802.1x Layer 3 is none AAA servers, I have my LDAP server selected, local EAP auth enabled with my ldap profile selected, ldap as top item for authentication I just get a message that says Windows was unable to connect to the wireless network. It works fine if I change layer 2 security to WPA2 with a PSK. I'm not certain that the LDAP request is even hitting the server. I am using authenticated bind, so I have NOT enabled anonymous authentication on the LDAP server and I'm not using certs. Any ideas on what I'm missing to make LDAP auth work?
1 person had this problem
Labels:
0 Helpful
2 Replies 2

dcrichardson
Level 1
Level 1

‎07-18-2014 05:18 AM

I'm trying to do similar on 5760.

I have webauth to external server, redirect is fine client enters credentials and gets passed back. we thought the LDAP auth was working but things fell apart, we were never seeing any LDAp requests. the teh client username is resisted on the controller., this looks to be a dynamic addition.

I'm thinking anonymous bind and passing teh cn attribute as the client "username".

 

0 Helpful

John Butterfield
Level 1
Level 1
In response to dcrichardson

‎07-18-2014 10:51 AM

I abandoned this altogether and determined it was easier to just configure radius and use NPS on the windows server to pass domain authentication.  So I installed NPS and configured it to allow a specific windows group and it seems to be working fine.  If not using certs I had to tell the wireless client profile to NOT check the cert as there is none.  If you are a member of the domain and in that group you get authenticated automatically.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card