WLC integration with LDAP (Active Directory)

Unanswered Question
Apr 30th, 2009

Hi All, I would like to integrate Active Directory with the Wireless controller. Can anyone help me with this? How can I do this? What will be the settings for the users' laptops? PEAP or LEAP?

huangedmc Thu, 04/30/2009 - 03:02

According to our SE, integration w/ Active Directory via LDAP is currently not supported.

It had something to do w/ how the password is wrapped...can't remember the details now.

We use ACS for AAA via RADIUS so it's not a problem for us.

If you have MS IAS that can support RADIUS then maybe that'll work.

huangedmc Thu, 04/30/2009 - 11:58

I should've clarified...WLC supports Microsoft AD via LDAP, but only for EAP-FAST, and EAP-TLS.

If you plan on using it for PEAP, it won't work.

I'm told a new maintenance release will be out in June.

Maybe the limitation will be removed then.

Open a TAC case or check w/ your SE to make sure my info is up to date.

jain.nitin Wed, 05/06/2009 - 11:19

Thanks for your help. Could you please let me know, if I integrate WLC with AD directly, then what would be the configuration for the Windows PC? I mean, like we configure PEAP for a Windows wireless client.

Thanks

gamccall Wed, 05/06/2009 - 11:32

PEAP + AD + Local EAP on controllers = not work.

PEAP + AD + controllers + RADIUS server = work just fine.

jain.nitin Wed, 05/06/2009 - 12:04

I don't understand then what would be the configuration on Windows client PCs/laptops if I integrate WLC with AD... any idea?

jain.nitin Fri, 05/08/2009 - 04:29

What I mean is: if I integrate WLC with AD directly without ACS, then what should the settings be on the Windows clients' laptops? Like for PEAP, there is an option to select PEAP and then the MSCHAPv2 settings on the client laptops.

I hope you got my point.

gamccall Fri, 05/08/2009 - 05:11

Here's what Cisco says about supported EAP methods for a Local EAP solution:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Local EAP can use an LDAP server as its backend database to retrieve user credentials.

An LDAP backend database allows the controller to query an LDAP server for the credentials (username and password) of a particular user. These credentials are then used to authenticate the user.

The LDAP backend database supports these Local EAP methods:

EAP-FAST/GTC

EAP-TLS

PEAPv1/GTC.

LEAP, EAP-FAST/MSCHAPv2, and PEAPv0/MSCHAPv2 are also supported, but only if the LDAP server is set up to return a clear-text password. For example, Microsoft Active Directory is not supported because it does not return a clear-text password. If the LDAP server cannot be configured to return a clear-text password, LEAP, EAP-FAST/MSCHAPv2, and PEAPv0/MSCHAPv2 are not supported.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

GTC is not supported by default on Windows systems, so you would have to install a third-party wireless client such as Cisco CSSC.
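The quoted Cisco text comes down to one structural fact about inner EAP methods, which the following added example models in code (it is a constructed illustration, not Cisco's implementation and not the WLC's actual LDAP logic). A password-in-tunnel method such as EAP-GTC lets the controller hand the user's password to the directory in an LDAP bind, so the directory checks it and the controller never needs to see a stored password. A challenge/response method such as MSCHAPv2 only gives the controller a response to a challenge, so the controller itself must hold the password (or a hash derived from it) to recompute and compare; an LDAP server that will not return the clear-text password, which is what the text says about Active Directory, leaves it nothing to compare against. Real MS-CHAPv2 derives the response from the NT hash with DES (RFC 2759); the example substitutes HMAC-SHA256 as a stand-in, which keeps the dependency being demonstrated (verifier needs the secret) without reproducing the protocol byte for byte. The directory contents, user name, password and challenge are all constructed.

```python
"""Toy model of a Local EAP authenticator with an LDAP backend.

Added example: contrasts EAP-GTC (password delivered inside the TLS tunnel,
verified by an LDAP bind) with MSCHAPv2 (challenge/response, verified only if
the controller can obtain the clear-text password from the directory).
HMAC-SHA256 stands in for the real NT-hash/DES computation of RFC 2759; the
point being shown, that the verifier must hold the password, is the same.
"""
import hashlib
import hmac


class LdapDirectory:
    """Minimal stand-in for an LDAP server (constructed, not a real client)."""

    def __init__(self, users, returns_cleartext_password):
        self._users = dict(users)                     # username -> password
        self.returns_cleartext_password = returns_cleartext_password

    def bind(self, username, password):
        # Simple bind: the directory checks the password itself; the caller
        # never learns the stored value. Works for any directory, AD included.
        return self._users.get(username) == password

    def lookup_password(self, username):
        # A search for the password attribute. A directory configured to
        # return clear-text passwords hands it back; Active Directory (per the
        # quoted Cisco text) does not, modelled here as PermissionError.
        if username not in self._users:
            return None
        if not self.returns_cleartext_password:
            raise PermissionError("directory does not return a clear-text password")
        return self._users[username]


def gtc_authenticate(directory, username, password):
    """EAP-GTC inner method: the tunnel delivered the password, so just bind."""
    return directory.bind(username, password)


def mschapv2_response(challenge, password):
    """Stand-in for the MS-CHAPv2 response; real protocol uses NT hash + DES."""
    return hmac.new(password.encode("utf-8"), challenge, hashlib.sha256).digest()


def mschapv2_authenticate(directory, username, challenge, response):
    """MSCHAPv2 inner method: recompute the response from the stored password.

    Without the clear-text password (or a hash of it) there is nothing to
    recompute, so authentication must fail even for a correct user.
    """
    try:
        stored = directory.lookup_password(username)
    except PermissionError:
        return False
    if stored is None:
        return False
    expected = mschapv2_response(challenge, stored)
    return hmac.compare_digest(expected, response)


# Constructed sample data.
USERS = {"alice": "correct horse battery staple"}
ACTIVE_DIRECTORY = LdapDirectory(USERS, returns_cleartext_password=False)
CLEARTEXT_LDAP = LdapDirectory(USERS, returns_cleartext_password=True)
CHALLENGE = bytes(range(16))  # fixed constructed challenge for repeatability


def support_matrix():
    """Which (inner method, directory) combinations can authenticate alice."""
    good = mschapv2_response(CHALLENGE, "correct horse battery staple")
    bad = mschapv2_response(CHALLENGE, "wrong password")
    return {
        ("GTC", "AD"): gtc_authenticate(ACTIVE_DIRECTORY, "alice", "correct horse battery staple"),
        ("GTC", "AD", "wrong"): gtc_authenticate(ACTIVE_DIRECTORY, "alice", "wrong password"),
        ("MSCHAPv2", "AD"): mschapv2_authenticate(ACTIVE_DIRECTORY, "alice", CHALLENGE, good),
        ("MSCHAPv2", "cleartext-LDAP"): mschapv2_authenticate(CLEARTEXT_LDAP, "alice", CHALLENGE, good),
        ("MSCHAPv2", "cleartext-LDAP", "wrong"): mschapv2_authenticate(CLEARTEXT_LDAP, "alice", CHALLENGE, bad),
    }


if __name__ == "__main__":
    for combo, ok in support_matrix().items():
        print(f"{' / '.join(combo):38s} -> {'authenticated' if ok else 'rejected'}")
```

Running it shows GTC succeeding against the AD-like directory while MSCHAPv2 is rejected for a correct user there and only succeeds against the directory that returns clear-text passwords, which is exactly the split between the two lists in the quoted text. It also makes clear why the usual fix in this thread is a RADIUS server (ACS or IAS) in front of AD: that server verifies MSCHAPv2 through Windows authentication APIs rather than by reading passwords over LDAP.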
