Solved: WLC authentication LDAP

jcarvalh · ‎09-16-2013

Hello.

I am going to install a WLC with two wlan (A and B). User on both wlans will authenticate via LDAP in one Microsoft server.

Is it possible for a user to authenticate and access wlan A but not B? In WLC the path configured in WLC to query the server is associated with the server, so it seems to me that a user would be granted access to any wlan as long as the user exists on the Microsoft server.

Please let me know if there is a way to only allow users from group A to access WLAN A and users from group B to access WLAN B.

Thanks in advance,

Joao Carvalho

Scott Fella · ‎09-16-2013

You need a radius server if you want to achieve that. Using LDAP directly to AD only checks for the user in the group, radius can check the called station id which has the ssid name in it.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

View solution in original post

Scott Fella · ‎09-16-2013

You need a radius server if you want to achieve that. Using LDAP directly to AD only checks for the user in the group, radius can check the called station id which has the ssid name in it.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

jcarvalh · ‎09-16-2013

Hello Scott.

Thanks for the quick reply.

Regards,

Joao.

Scott Fella · ‎09-16-2013

Joao,

In case you decide to bring up a Microsoft Radius server, here is another thread that has more info in what you need to do.

https://supportforums.cisco.com/thread/2217685

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***