09-05-2012 08:51 AM - edited 07-03-2021 10:37 PM
Hello.
I am trying to configure an LDAP server on the WLC and I get the following warning: "LDAP can only be used with EAP-FAST, PEAP-GTC and EAP-TLS methods". How can I get past this problem?
Thanks
09-07-2012 08:44 AM
Hello,
What are you using the LDAP for? What is your WLC software version?
The message you get is informational to inform you that if you are using the LDAP server as a credentials DB for EAP authentication (using Local EAP feature on the WLC) then the only supported methods are EAP-FAST, PEAP-GTC and EAP-TLS.
HTH
Amjad
You want to say "Thank you"?
Don't. Just rate the useful answers,
that is more useful than "Thank you".
09-07-2012 11:31 AM
Hello Amjad
Thanks
The WLC is a 4400 series and its software version is 7.0.116.0.
I want to use LDAP to authenticate users for a WLAN with AD on a Windows Server 2008 R2 server, but when I try to add the LDAP server, the warning appears and the server is not added.
09-07-2012 11:38 AM
What EAP type do you have configured locally on the WLC?
HTH,
Steve
------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
09-07-2012 12:24 PM
Hello Stephen
This is the EAP configuration for the WLC:
(Cisco Controller) show> local-auth config
Configured EAP profiles:
Name ........................................ test
Certificate issuer ........................ cisco
Peer verification options:
Check against CA certificates ........... Enabled
Verify certificate CN identity .......... Disabled
Check certificate date validity ......... Enabled
EAP-FAST configuration:
Local certificate required .............. No
Client certificate required ............. No
Enabled methods ........................... leap fast tls peap
Configured on WLANs ....................... none
EAP Method configuration:
EAP-FAST:
Server key ................................
TTL for the PAC ........................... 10
Anonymous provision allowed ............... Yes
Authority ID .............................. 436973636f0000000000000000000000
Authority Information ..................... Cisco A-ID
(Cisco Controller) show> advanced eap
EAP-Identity-Request Timeout (seconds)........... 30
EAP-Identity-Request Max Retries................. 10
EAP Key-Index for Dynamic WEP.................... 0
EAP Max-Login Ignore Identity Response........... enable
EAP-Request Timeout (seconds).................... 30
EAP-Request Max Retries.......................... 2
EAPOL-Key Timeout (milliseconds)................. 1000
EAPOL-Key Max Retries............................ 2
EAP-Broadcast Key Interval....................... 3600
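An added example, not part of the thread and not Cisco tooling: a small audit that reads `show local-auth config` output in the format posted above and sorts each profile's enabled methods against the list in the warning (EAP-FAST, PEAP-GTC, EAP-TLS). The function name `audit_profiles` and the mapping of the tokens `fast`, `tls` and `peap` to those method names are assumptions; the sample input is constructed from the posted output.

```python
import re

# Methods the WLC warning lists as usable with an LDAP backend, keyed by the
# tokens seen on the "Enabled methods" line (this token mapping is an assumption).
LDAP_OK = {"fast": "EAP-FAST", "tls": "EAP-TLS"}
# The warning names PEAP-GTC specifically, so plain "peap" needs a manual check.
LDAP_CONDITIONAL = {"peap": "PEAP (only with GTC as the inner method)"}

# Constructed sample, trimmed from the output format shown in the thread.
SAMPLE = """\
Configured EAP profiles:
Name ........................................ test
Certificate issuer ........................ cisco
Enabled methods ........................... leap fast tls peap
Configured on WLANs ....................... none
"""

# "Key ..... value" lines; section headings without dot leaders are skipped.
FIELD = re.compile(r"^\s*(?P<key>[^.]+?)\s*\.{2,}\s*(?P<val>.*)$")


def audit_profiles(text):
    """Return {profile: {"ok": [...], "conditional": [...], "unsupported": [...]}}."""
    report, current = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, val = m.group("key"), m.group("val").strip()
        if key == "Name":
            current = val
            report[current] = {"ok": [], "conditional": [], "unsupported": []}
        elif key == "Enabled methods" and current is not None:
            for tok in val.split():
                if tok in LDAP_OK:
                    report[current]["ok"].append(tok)
                elif tok in LDAP_CONDITIONAL:
                    report[current]["conditional"].append(tok)
                else:
                    # Not in the warning's list, e.g. LEAP.
                    report[current]["unsupported"].append(tok)
    return report


if __name__ == "__main__":
    for name, result in audit_profiles(SAMPLE).items():
        print(name, result)
```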
09-07-2012 11:19 PM
Robinson:
It is strange that the server is not added when you get the warning. I just tried it on my version (7.0.230.0) and when I try to add the server it shows me the warning and I press "OK" and I can find the server added after that.
I don't have any local EAP profile configured so the server can be added correctly regardless of your EAP profile configuration.
Please provide the following output:
show ldap summary
show ldap 1