cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
993
Views
10
Helpful
12
Replies

LDAP database without certificate

aksoyilker
Level 1
Level 1

hi

Is there any type of eap protocol in ACS 4.1 works without certificates and compatible with LDAP database.

thanks

1 Accepted Solution

Accepted Solutions

Yes Go for the card manufacturer's supplicant, they generally have the option for EAP-GTC.

If your issue is resolved, please mark this thread as resolved, so that others can benefit from it.

Thanks,

Prem

View solution in original post

12 Replies 12

scadora
Cisco Employee
Cisco Employee

PEAP-GTC needs server-side certs only.

EAPFAST-GTC should work without certs at all.

Shelly

Premdeep Banga
Level 7
Level 7

Hi,

PEAP(EAP-GTC) works with LDAP, compatibility table,

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs41/user/overvw.htm#wp858207

Configure ACS for PEAP authentication.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a0080545a29.shtml

And when it comes to configure client, generally I have seen with Intel clients, you have an option to uncheck "Validate Server Certificate" under "PEAP Server" section if you do not want to install CA root certificate on every client, after you have selected Authentication type as PEAP and authentication protocol as GTC under "PEAP User" section.

Regards,

Prem

hi

As you explained eap-gtc is suitable for us. Can we use eap-gtc in windows xp without cisco wireless client adapter?

i installed cisco wireless client adapter software but still there isn't GTC protocol under PEAP properties.

thanks

Hi,

this is for wireless authentication right?

In that case you can use the default wireless utility that it comes with, i.e. with intel card, intel utility etc. They do have an option for GTC.

Regards,

Prem

i have an intel card and in peap properties section there are only two auth type mschapv2 and smartcard or certificate. no gtc.

What is the version of Intel Supplicant?

intel pro wireless 2200BG

No not the Intel card model. I guess you do not have Intel supplicant. Search for Intel PRoset/wireless software on Google.

Regards,

Prem

thanks a lot.

it is working with supplicant software.

must i install supplicant for non-cisco wireless cards to use eap-gtc?

Yes Go for the card manufacturer's supplicant, they generally have the option for EAP-GTC.

If your issue is resolved, please mark this thread as resolved, so that others can benefit from it.

Thanks,

Prem

i want to ask a final question

why is PEAP-MSCHAPv2 incompatible with LDAP?

Hi,

Only answer would be, thats the way LDAP works, it cannot understand PEAP-MSCHAPv2

Regards,

Prem

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: