10-12-2009 01:36 PM - edited 07-03-2021 06:08 PM
Hi,
I want to integrate WLC with windows 2008 server. If anybody done this integration i would like to know what are the step i need to do in the Microsoft Side, If you have any document related to MS 2008 integration pls share the information with me.
Thanks in adavence.
Regards,
Sunish
10-12-2009 04:30 PM
Can you provide more detail around what you mean by integrate? I don't think a WLC can talk directly to AD (Kerberos, LDAP, or otherwise).
If what you mean by "integrate" is to be able to authenticate wireless users against AD, then you will need something to proxy that authentication. That is usually a RADIUS server. Cisco ACS and Microsoft IAS and two common RADIUS servers, both of which can talk to AD. Check out the Cisco ACS 4.2 configuration guide for a good example. Here's a link to an older Microsoft article, but it still applies to 2008 (Microsoft IAS is still included with Windows Server).
10-12-2009 04:33 PM
You can use LDAP to talk to the windows AD:
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008093f1b9.shtml
10-12-2009 07:30 PM
I learn something new every day! However, be aware of the following (since most people want to use PEAP with AD):
The LDAP backend database supports these Local EAP methods:
EAP-FAST/GTC
EAP-TLS
PEAPv1/GTC.
LEAP, EAP-FAST/MSCHAPv2, and PEAPv0/MSCHAPv2 are also supported, but only if the LDAP server is set up to return a clear-text password. For example, Microsoft Active Directory is not supported because it does not return a clear-text password. If the LDAP server cannot be configured to return a clear-text password, LEAP, EAP-FAST/MSCHAPv2, and PEAPv0/MSCHAPv2 are not supported.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide