WLC integration with LDAP (Active Directory)

Apr 30th, 2009

Hi All, I would like to integrate Active Directory with the wireless controller. Can anyone help me with how I can do this? What will be the settings for the users' laptops? PEAP or LEAP?

huangedmc Thu, 04/30/2009 - 03:02

According to our SE, integration w/ Active Directory via LDAP is currently not supported.

It had something to do w/ how the password is wrapped...can't remember the details now.

We use ACS for AAA via RADIUS so it's not a problem for us.

If you have MS IAS that can support RADIUS then maybe that'll work.

huangedmc Thu, 04/30/2009 - 11:58

I should've clarified...WLC supports Microsoft AD via LDAP, but only for EAP-FAST, and EAP-TLS.

If you plan on using it for PEAP, it won't work.

I'm told a new maintenance release will be out in June.

Maybe the limitation will be removed then.

Open a TAC case or check w/ your SE to make sure my info is up to date.

jain.nitin Wed, 05/06/2009 - 11:19

Thanks for your help. Could you please let me know, if I integrate the WLC with AD directly, what the configuration would be for a Windows PC? I mean like how we configure PEAP for a Windows wireless client.


gamccall Wed, 05/06/2009 - 11:32

PEAP + AD + Local EAP on controllers = not work.

PEAP + AD + controllers + RADIUS server = work just fine.

jain.nitin Wed, 05/06/2009 - 12:04

I don't understand, then, what the configuration would be on Windows client PCs/laptops if I integrate the WLC with AD... any idea?

gamccall Thu, 05/07/2009 - 05:19

What settings, specifically, are you unsure about?

jain.nitin Fri, 05/08/2009 - 04:29

What I mean is, if I integrate the WLC with AD directly without ACS, then what should the settings be on the Windows clients' laptops? For example, for PEAP there is an option to select PEAP and then MSCHAPv2 settings on client laptops.

I hope you got my point.

gamccall Fri, 05/08/2009 - 05:11

Here's what Cisco says about supported EAP methods for a Local EAP solution:


Local EAP can use an LDAP server as its backend database to retrieve user credentials.

An LDAP backend database allows the controller to query an LDAP server for the credentials (username and password) of a particular user. These credentials are then used to authenticate the user.

The LDAP backend database supports these Local EAP methods:




LEAP, EAP-FAST/MSCHAPv2, and PEAPv0/MSCHAPv2 are also supported, but only if the LDAP server is set up to return a clear-text password. For example, Microsoft Active Directory is not supported because it does not return a clear-text password. If the LDAP server cannot be configured to return a clear-text password, LEAP, EAP-FAST/MSCHAPv2, and PEAPv0/MSCHAPv2 are not supported.


GTC is not supported by default on Windows systems, so you would have to install a third-party wireless client such as Cisco CSSC.

