Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
698
Views
15
Helpful
4
Replies

WLC Authentication Active Directory

alfonso.cornejo
Level 3
Level 3

‎05-05-2013 10:28 PM - edited ‎07-04-2021 12:01 AM

Hi to all,

Is there a way that I can configure authentication with an ldap server without the need of a certificate or using web authentication??? I have a customer that want to have the users authenticated with AD but with no certificate or web auth.

Besides that, how do you think I can accomplish this??: There are going to be 3 SSID's, All users should be authenticated with AD but just a specific group of AD users must have have access to every SSID, I mean an AD user will only be able to connect to one specific SSID not to the 3.

Thanks in advance for your help.

Labels:
0 Helpful
4 Replies 4

Saurav Lodh
Level 7
Level 7

‎05-06-2013 03:06 AM

In your first scenario, as your corporate machine is already a part of domain, so you can cofigure your authorization policies in a such a way that same user name and password will be used to get the dot1x authenticated.

Scott Fella
Hall of Fame
Hall of Fame

‎05-06-2013 04:47 AM

That is kind of tough to accomplish with really having a radius server. If you only had one SSID using LDAP, maybe that would work okay. Having a radius, you can specify the policy for each AD group and what SSID they can or can't use.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Mark Baggott
Level 1
Level 1

‎05-16-2013 09:56 PM

For the functionality your after (AD authentication with AD Group lookup) Radius to a box directly connected to AD is your best bet.

Options are really Microsoft server with the radius server configured. Cisco ACS or Free Radius server(freeradius.org). You should be able to use any of this devices to connect to and and check user groups as well as username password. giving you control over who gets access to which ssid.

LDAP really isnt the right tool for the job.

alfonso.cornejo
Level 3
Level 3

‎05-21-2013 07:32 AM

Hello guys,

At the end it was not possible to use ldap with 802.1x, we finally used radius (Windows 2k8 NPS) + wpa + 802.1x for the authentication and in that server my customer did the configuration of policies in order to have the SSID restriction per user.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card