LDAP database without certificate

Answered Question
Jun 1st, 2007
User Badges:

hi

Is there any type of eap protocol in ACS 4.1 works without certificates and compatible with LDAP database.

thanks

Correct Answer by Premdeep Banga about 9 years 10 months ago

Yes Go for the card manufacturer's supplicant, they generally have the option for EAP-GTC.


If your issue is resolved, please mark this thread as resolved, so that others can benefit from it.


Thanks,

Prem

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
scadora Fri, 06/01/2007 - 10:48
User Badges:
  • Cisco Employee,

PEAP-GTC needs server-side certs only.


EAPFAST-GTC should work without certs at all.


Shelly

Premdeep Banga Fri, 06/01/2007 - 16:10
User Badges:
  • Gold, 750 points or more

Hi,


PEAP(EAP-GTC) works with LDAP, compatibility table,


http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs41/user/overvw.htm#wp858207


Configure ACS for PEAP authentication.


http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a0080545a29.shtml


And when it comes to configure client, generally I have seen with Intel clients, you have an option to uncheck "Validate Server Certificate" under "PEAP Server" section if you do not want to install CA root certificate on every client, after you have selected Authentication type as PEAP and authentication protocol as GTC under "PEAP User" section.


Regards,

Prem

aksoyilker Thu, 06/07/2007 - 06:10
User Badges:

hi

As you explained eap-gtc is suitable for us. Can we use eap-gtc in windows xp without cisco wireless client adapter?

i installed cisco wireless client adapter software but still there isn't GTC protocol under PEAP properties.

thanks

Premdeep Banga Thu, 06/07/2007 - 06:22
User Badges:
  • Gold, 750 points or more

Hi,


this is for wireless authentication right?


In that case you can use the default wireless utility that it comes with, i.e. with intel card, intel utility etc. They do have an option for GTC.


Regards,

Prem

aksoyilker Thu, 06/07/2007 - 06:36
User Badges:

i have an intel card and in peap properties section there are only two auth type mschapv2 and smartcard or certificate. no gtc.

Premdeep Banga Thu, 06/07/2007 - 06:53
User Badges:
  • Gold, 750 points or more

No not the Intel card model. I guess you do not have Intel supplicant. Search for Intel PRoset/wireless software on Google.


Regards,

Prem

aksoyilker Thu, 06/07/2007 - 07:53
User Badges:

thanks a lot.

it is working with supplicant software.

must i install supplicant for non-cisco wireless cards to use eap-gtc?

Correct Answer
Premdeep Banga Thu, 06/07/2007 - 08:54
User Badges:
  • Gold, 750 points or more

Yes Go for the card manufacturer's supplicant, they generally have the option for EAP-GTC.


If your issue is resolved, please mark this thread as resolved, so that others can benefit from it.


Thanks,

Prem

aksoyilker Sun, 06/10/2007 - 06:55
User Badges:


i want to ask a final question

why is PEAP-MSCHAPv2 incompatible with LDAP?


Premdeep Banga Sun, 06/10/2007 - 11:32
User Badges:
  • Gold, 750 points or more

Hi,


Only answer would be, thats the way LDAP works, it cannot understand PEAP-MSCHAPv2


Regards,

Prem

Actions

This Discussion