03-19-2013 10:45 AM - edited 07-03-2021 11:45 PM
I've searched the internet but the examples I've found use certificates or web auth. I'm trying to get users to authenticate using their LDAP credentials on a new SSID.
I have the LDAP server set up on the controller but I'm still having trouble getting authentication to work.
I'd like to bypass using ACS and have the controller talk directly to the LDAP server.
In our environment we have the following:
Two WiSM controllers in separate data centers
4402 guest controller (in production now)
5508 guest controller (being installed now)
All controllers running 7.0.235.3
ACS 4.2
NCS 1.1.1.24
03-19-2013 10:48 AM
So you are looking at the guides for Local EAP? or is this for guest users?
HTH,
Steve
------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
03-19-2013 10:49 AM
These will be contractors that are BYOD but do have AD login credentials.
03-19-2013 10:58 AM
So you have the WLC configured for Local EAP/PEAP?
HTH,
Steve
03-19-2013 11:57 AM
I have the LEAP profile set up and chosen on the WLAN tab.
03-19-2013 12:02 PM
I would set it for PEAP vs LEAP. Not all supplicants support LEAP and it's vulnerable.
HTH,
Steve
03-19-2013 12:09 PM
Do you have a link or anything about setting that up? Does it require certs?
03-19-2013 12:16 PM
You should just need to check the PEAP box and not the LEAP box.
As for certs, just on the WLC and it will be there already.
HTH,
Steve
03-19-2013 12:18 PM
So then I have to choose "
03-19-2013 12:26 PM
Not required... those are for TLS. So you should be able to uncheck those boxes.
HTH,
Steve
03-19-2013 12:31 PM
They were unchecked...
Here is what I have:
L2 security
WPA+WPA2 selected.
Checkbox for WPA2 policy WPA2 encryption AES
Auth Key Mgmt 802.1X
AAA Server tab
LDAP server selected
Local EAP Authentication checked
EAP Profile Name - Test
Local EAP Profile - Test
PEAP checked, nothing else
Authentication Priority - LDAP
Is there anything else I'm missing?
03-19-2013 12:35 PM
That should do. On the client make sure you uncheck the box to 'validate server certificate' as well.
HTH,
Steve
03-19-2013 12:40 PM
I think I got it... had to set up the network profile in Windows.
I'm a total n00b at this so thanks for your help!
03-19-2013 12:42 PM
No worries, that's why we are here!
HTH,
Steve
03-22-2013 08:34 AM
Ok, so now the problem I ran into is that when I change priority order -> local auth to LDAP, it breaks our 7925 wifi phones. Even if I have LDAP and Local in the box, if I change the order to LDAP/Local it breaks the phones but LDAP works. If I change it to Local/LDAP the phones work again but LDAP doesn't.
The phones are using EAP-FAST. Any ideas? Do I need to change the auth method of the phones?