What's necessary to set up LEAP?

dxd2000
Level 1

This forum does say getting started, so don't bash me too much on my ignorance.

I am looking to find out exactly what I need to set up a LEAP infrastructure. (This will be just a lab test environment.)

I have a 1200 AP and both Windows 2000 and Windows 2003 servers running AD. It is confusing to me as to whether I need some other pieces like ACS or a 3rd party RADIUS server.

This will be a simple setup to test client CCX compatibility and profile mgmt with domain authentication.

Thanks.

6 Replies

dixho
Level 6

You need a RADIUS server to authenticate users. Windows 2000 and Windows 2003 Server with AD only provide the user database. IAS, the RADIUS server that comes with Windows 2003 Server, does not support LEAP. Cisco has asked Microsoft to support LEAP many times, but Microsoft has decided not to support LEAP.

The easiest way to set up a LEAP lab is to use the local RADIUS server that comes with the Cisco AP. Please go to the following URL for detailed information:

http://www.cisco.com/en/US/partner/products/hw/wireless/ps4570/products_configuration_example09186a00801c0912.shtml

Just in case you do not have access to the above URL, I have attached the document.

Thank you very much.

How does using the AP as a local RADIUS server interact with Windows domain authentication?

What I am looking to do is test the client's single sign-on features, setting LEAP authentication to use Windows logon credentials.

Thanks again for your help.

Rgds,

Doug

There is no interaction between the local RADIUS server and Active Directory. If you want to use the user database in Active Directory, you need a Cisco ACS RADIUS server or an external RADIUS server from another vendor.

We use Cisco's ACS and set it up to use Windows AD for single sign-on. After setting up the ACS server, you configure the Access Points to send authentication requests to ACS, and then it will forward the request to AD. You may want to look at EAP-FAST from Cisco instead of LEAP, however. I have not looked at it much yet, but it is supposed to provide greater security from dictionary attacks.

Thanks for the info. I have downloaded the trial version of ACS 3.3. The documentation does talk about using MS AD, but it is a little confusing when going through the setup.

The learning curve is somewhat high for me...all that I am really trying to accomplish is to get LEAP working with AD in a lab environment so that I can investigate a problem one of our customers is reporting.

It is a profile / domain logon problem. Since I really don't know that much about WLAN security and authentication, I am not sure if I can use another authentication mechanism (say PEAP) which Microsoft supports.

The reported problem is that when they create a new user / WLAN profile using Intel PROSet configured with WEP 128-bit + LEAP and then try to log on to Windows XP, it will fail with the "can't find a domain controller" error.

At any rate, I will keep digging into ACS and see if I can get it set up correctly.

Thanks again!
