authentication with Active Directory

Unanswered Question
Feb 7th, 2008

Hi!

I'm using PEAP authentication with the Active Directory. I have Cisco Secure ACS 4 and Cisco Aironet 1230 APs. The users use their Windows account to log in, but when I change the password in the AD the password doesnt change in the Secure. Anybody knows if if this possible and how can I do these passwords be updated in the Secure database?

]Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
naveen999 Fri, 02/08/2008 - 02:26

4.3 ACS CONFIGURATION STEPS:

The new window will be come and click on next

Log in to the Cisco ACS

Select the ACS admin from web browser

Click on administration control:-

Add administrator and grant all permissions with account never expire and submit it

In network configuration add AAA client:-

Give the IP address of AAA client (ACCESS POINT) with the secret shared key between AAA and ACS

Give the Ip address, shared Key and encryption key (length is 26bits).

1. And select the RADIUS (Cisco Aironet) in the field authenticates using.

1. Select the Global Authentication setup for LEAP (LIEGHTWIEGHT EXTENSIBLE AUTHENTICATION PROTOCAL)

2. Select system configuration and select the leap, allow eap-mds.

3. Select the field MS-CHAP version 1 and 2.

4. Select the external user database for windows database (Active Directory users)

1. Select the external user database.

2. In that select the file windows database

In external user database under database group mapping:-windows database -

Select the domain to be mapped which contain database.

Add mapping:-

3. Select the field administrators in external database

Configuration steps for access point:

1. Select the static wep key and give the key length should be 128 bits only.

2. Give the IP address and shared secret.

3. Configure ssid&vlan

4. Configure server manager

Configure SSID

CONFIGURE THE ENCRYPTION MANAGER IN AP

CONFIGURE SERVER MANAGER IN AP

THANK

tbrinkma Fri, 02/08/2008 - 04:38

I think it will be easier to configure a Radius server. As what I have seen Radius works better.

Actions

This Discussion