LDAP database without certificate

Answered Question
Jun 1st, 2007

hi

Is there any type of eap protocol in ACS 4.1 works without certificates and compatible with LDAP database.

thanks

I have this problem too.
0 votes
Correct Answer by Premdeep Banga about 9 years 6 months ago

Yes Go for the card manufacturer's supplicant, they generally have the option for EAP-GTC.

If your issue is resolved, please mark this thread as resolved, so that others can benefit from it.

Thanks,

Prem

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
scadora Fri, 06/01/2007 - 10:48

PEAP-GTC needs server-side certs only.

EAPFAST-GTC should work without certs at all.

Shelly

Premdeep Banga Fri, 06/01/2007 - 16:10

Hi,

PEAP(EAP-GTC) works with LDAP, compatibility table,

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs41/user/overvw.htm#wp858207

Configure ACS for PEAP authentication.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a0080545a29.shtml

And when it comes to configure client, generally I have seen with Intel clients, you have an option to uncheck "Validate Server Certificate" under "PEAP Server" section if you do not want to install CA root certificate on every client, after you have selected Authentication type as PEAP and authentication protocol as GTC under "PEAP User" section.

Regards,

Prem

aksoyilker Thu, 06/07/2007 - 06:10

hi

As you explained eap-gtc is suitable for us. Can we use eap-gtc in windows xp without cisco wireless client adapter?

i installed cisco wireless client adapter software but still there isn't GTC protocol under PEAP properties.

thanks

Premdeep Banga Thu, 06/07/2007 - 06:22

Hi,

this is for wireless authentication right?

In that case you can use the default wireless utility that it comes with, i.e. with intel card, intel utility etc. They do have an option for GTC.

Regards,

Prem

aksoyilker Thu, 06/07/2007 - 06:36

i have an intel card and in peap properties section there are only two auth type mschapv2 and smartcard or certificate. no gtc.

Premdeep Banga Thu, 06/07/2007 - 06:53

No not the Intel card model. I guess you do not have Intel supplicant. Search for Intel PRoset/wireless software on Google.

Regards,

Prem

aksoyilker Thu, 06/07/2007 - 07:53

thanks a lot.

it is working with supplicant software.

must i install supplicant for non-cisco wireless cards to use eap-gtc?

Correct Answer
Premdeep Banga Thu, 06/07/2007 - 08:54

Yes Go for the card manufacturer's supplicant, they generally have the option for EAP-GTC.

If your issue is resolved, please mark this thread as resolved, so that others can benefit from it.

Thanks,

Prem

aksoyilker Sun, 06/10/2007 - 06:55

i want to ask a final question

why is PEAP-MSCHAPv2 incompatible with LDAP?

Premdeep Banga Sun, 06/10/2007 - 11:32

Hi,

Only answer would be, thats the way LDAP works, it cannot understand PEAP-MSCHAPv2

Regards,

Prem

Actions

This Discussion