Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
670
Views
10
Helpful
4
Replies

wlc-radius-ldap / windows cisco:peap plug-in not install use

inb
Level 1
Level 1

‎10-23-2020 03:40 AM - edited ‎07-05-2021 12:41 PM

Hello.


WLC(CT2504)-RADIUS- LDAP
The customer's site has a network connected as above.


After setting only RADIUS in WLC, it is configured to authenticate through LDAP.
(There is no LDAP related setting in WLC // Only RADIUS setting)


mac os, ios, android no problem with connection
However, the Windows OS can only be connected by installing the cisco:peap plug-in.
Customers do not want to install the cisco:peap plug-in.


What should I do?


I know that Windows OS should install cisco:peap plug-in unconditionally regarding LDAP.


Said the customer.
"Cisco WLC says that Windows OS can be configured without installing additional plug-ins"

I can't find anything like that.


Please help me.

Labels:
4 Replies 4

marce1000
VIP
VIP

‎10-23-2020 03:44 AM

 

 - But the (windows) wireless client will only pass credentials to the configured ssid. The latter part + controller needs radius in the further authenticating steps. Not the originating-windows-client.

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
0 Helpful

inb
Level 1
Level 1
In response to marce1000

‎10-23-2020 03:51 AM - edited ‎10-23-2020 05:00 AM

Thank you for answer.


I did not understand the answer.
Are you saying you have to set it up on the RADIUS server?
The Aruba Wireless Controller is also connected to the customer site in the same configuration.
Aruba Wireless controller also said that Windows OS installed eap-gtc plugin.
However, it is said that the connection was made without installing the eap-gtc plugin through some function in the Aruba controller.
Are there any documents I can refer to?

 

I understood a little what you said.
If you try to connect without installing plugin in Windows OS,
You will see a window for entering username/password infinitely.

 

Will this problem be solved by setting up NPS in Radius Server or LDAP Server?

0 Helpful

Grendizer
Cisco Employee
Cisco Employee
In response to inb

‎10-26-2020 10:19 AM

RADIUS Config from the WLC is different than the LDAP config.

To make LDAP works follow this detailed steps in this doc:

Configure WLC with LDAP Authentication for 802.1x and Web-Auth WLANs:

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/211277-WLC-with-LDAP-Authentication-Configurati.html

in it you will see the note about different clients (ios, mac, windows clients)

 

if you want to eliminate the clients compatibility problem with LDAP then use RADIUS, any type, NPS, ISE or any other RADIUS Server because the RADIUS protocol is standard, the RADIUS Server will give you much more flexibility and it is the recommended solution.

inb
Level 1
Level 1
In response to Grendizer

‎10-27-2020 09:43 PM

Thank you for answer.

 

We believe that the WLC client (Windows) authenticates with the Radius Server first.
The Radius Server is also using LDAP.
The guide on the link you gave me is a guide when there are only two WLC<->LDAP servers.
It is different from our situation.
WLC<->Radius<->LDAP.
Our customers do not want to install EAP-GTC Plugin.
The Aruba controller was the same problem, but it was solved through some option of the Aruba controller.
There is no documentation on whether Cisco has the same functionality.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card