cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
837
Views
0
Helpful
5
Replies
Highlighted
Beginner

Problem to configure LDAP server on WLC

Hello.

I am to try to configure a LDAP server on the WLC and I get the follow  Warnning: "LDAP can only be used with EAP-FAST, PEAP-GTC and EAP-TLS methods" . How I cant leave this problem?

Thanks

5 REPLIES 5
Highlighted

Hello,

What are you using the LDAP for? what is your WLC software versoin?

The message you get is informational to inform you that if you are using the LDAP server as a credentials DB for EAP authentication (using Local EAP feature on the WLC) then the only supported methods are EAP-FAST, PEAP-GTC and EAP-TLS.

HTH

Amjad

You want to say "Thank you"?
Don't. Just rate the useful answers,
that is more useful than "Thank you".

Rating useful replies is more useful than saying "Thank you"
Highlighted

Hello Amjad

Thanks

The WLC is a 4400 series and it´s software version is  7.0.116.0.

I want to use LDAP to authenticate users for a WLAN with AD in a Windows Server 2008 R2 server, but when I try to add the LDAP server. the warning appears and the servers is not added.

Highlighted

What EAP type do you have configured locally on the WLC?

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
Highlighted

Hello Stephen

This is the configuration about EAP for the WLC

(Cisco Controller) show> local-auth config

Configured EAP profiles:

    Name ........................................ test

      Certificate issuer ........................ cisco

      Peer verification options:

        Check against CA certificates ........... Enabled

        Verify certificate CN identity .......... Disabled

        Check certificate date validity ......... Enabled

      EAP-FAST configuration:

        Local certificate required .............. No

        Client certificate required ............. No

      Enabled methods ........................... leap fast tls peap

      Configured on WLANs ....................... none

EAP Method configuration:

    EAP-FAST:

      Server key ................................

      TTL for the PAC ........................... 10

      Anonymous provision allowed ............... Yes

      Authority ID .............................. 436973636f0000000000000000000000

      Authority Information ..................... Cisco A-ID

(Cisco Controller) show> advanced eap

EAP-Identity-Request Timeout (seconds)........... 30

EAP-Identity-Request Max Retries................. 10

EAP Key-Index for Dynamic WEP.................... 0

EAP Max-Login Ignore Identity Response........... enable

EAP-Request Timeout (seconds).................... 30

EAP-Request Max Retries.......................... 2

EAPOL-Key Timeout (milliseconds)................. 1000

EAPOL-Key Max Retries............................ 2

EAP-Broadcast Key Interval....................... 3600

Highlighted

Robinson:

It is strange that the server is not added when you get the warning. I just tried it on my version (7.0.230.0) and when I try to add the server it shows me the warning and I press "OK" and I can find the server added after that.

I don't have any local EAP profile configured so the server can be added correctly regardless of your EAP profile configuration.

Please provide the following output:

show ldap summary

show ldap 1

You want to say "Thank you"?
Don't. Just rate the useful answers,
that is more useful than "Thank you".

Rating useful replies is more useful than saying "Thank you"