05-05-2013 10:28 PM - edited 07-04-2021 12:01 AM
Hi to all,
Is there a way that I can configure authentication with an LDAP server without the need of a certificate or using web authentication? I have a customer that wants to have the users authenticated with AD but with no certificate or web auth.
Besides that, how do you think I can accomplish this? There are going to be 3 SSIDs. All users should be authenticated with AD, but just a specific group of AD users must have access to every SSID; I mean an AD user will only be able to connect to one specific SSID, not to the 3.
Thanks in advance for your help.
05-06-2013 03:06 AM
In your first scenario, as your corporate machine is already a part of the domain, you can configure your authorization policies in such a way that the same user name and password will be used to get the dot1x authenticated.
05-06-2013 04:47 AM
That is kind of tough to accomplish with really having a RADIUS server. If you only had one SSID using LDAP, maybe that would work okay. Having a RADIUS, you can specify the policy for each AD group and what SSID they can or can't use.
05-16-2013 09:56 PM
For the functionality you're after (AD authentication with AD group lookup), RADIUS to a box directly connected to AD is your best bet.
Options are really a Microsoft server with the RADIUS server configured, Cisco ACS, or FreeRADIUS server (freeradius.org). You should be able to use any of these devices to connect to and check user groups as well as username/password, giving you control over who gets access to which SSID.
LDAP really isn't the right tool for the job.
05-21-2013 07:32 AM
Hello guys,
In the end it was not possible to use LDAP with 802.1X; we finally used RADIUS (Windows 2k8 NPS) + WPA + 802.1X for the authentication, and on that server my customer did the configuration of policies in order to have the SSID restriction per user.
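
The per-SSID, per-AD-group policy the thread settles on, sketched as an added example (not code from any poster, and not NPS's own implementation). It assumes the controller sends the SSID in the RADIUS Called-Station-Id attribute as `<AP MAC>:<SSID>`, that the user's credentials have already been verified against AD, and it uses constructed SSID and group names.

```python
import re

# Hypothetical SSID -> required AD group mapping (constructed names).
SSID_TO_GROUP = {
    "Corp-Staff": "WLAN-Staff",
    "Corp-Eng": "WLAN-Engineering",
    "Corp-Guest": "WLAN-Contractors",
}

# Assumed attribute layout: six hex octets separated by '-' or ':', then ':<SSID>'.
_CALLED_STATION = re.compile(
    r"^(?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2}:(?P<ssid>.+)$"
)


def ssid_from_called_station_id(value):
    """Return the SSID suffix, or None when the attribute carries no SSID."""
    match = _CALLED_STATION.match(value or "")
    return match.group("ssid") if match else None


def authorize(called_station_id, user_groups):
    """Return (decision, detail) for a user whose password AD already accepted."""
    ssid = ssid_from_called_station_id(called_station_id)
    if ssid is None:
        # Default deny: without the SSID no group restriction can be applied.
        return ("Access-Reject", "no SSID in Called-Station-Id")
    required = SSID_TO_GROUP.get(ssid)  # SSIDs are matched case-sensitively
    if required is None:
        return ("Access-Reject", "unknown SSID")
    # AD group names are compared case-insensitively.
    groups = {g.casefold() for g in user_groups}
    if required.casefold() in groups:
        return ("Access-Accept", ssid)
    return ("Access-Reject", "not in group " + required)


if __name__ == "__main__":
    # Constructed sample requests.
    staff = ["Domain Users", "wlan-staff"]
    print(authorize("00-1A-2B-3C-4D-5E:Corp-Staff", staff))
    print(authorize("00-1A-2B-3C-4D-5E:Corp-Eng", staff))
    print(authorize("00-1A-2B-3C-4D-5E", staff))
```
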