WLC integrating with Windows 2008 AD

Unanswered Question
Oct 12th, 2009

Hi,

I want to integrate a WLC with Windows 2008 Server. If anybody has done this integration, I would like to know what steps I need to do on the Microsoft side. If you have any document related to MS 2008 integration, please share the information with me.

Thanks in advance.

Regards,

Sunish

Robert.N.Barrett_2 Mon, 10/12/2009 - 16:30

Can you provide more detail around what you mean by integrate? I don't think a WLC can talk directly to AD (Kerberos, LDAP, or otherwise).

If what you mean by "integrate" is to be able to authenticate wireless users against AD, then you will need something to proxy that authentication. That is usually a RADIUS server. Cisco ACS and Microsoft IAS are two common RADIUS servers, both of which can talk to AD. Check out the Cisco ACS 4.2 configuration guide for a good example. Here's a link to an older Microsoft article, but it still applies to 2008 (Microsoft IAS is still included with Windows Server).

http://www.microsoft.com/downloads/details.aspx?familyid=0f7fa9a2-e113-415b-b2a9-b6a3d64c48f5&displaylang=en

Robert.N.Barrett_2 Mon, 10/12/2009 - 19:30

I learn something new every day! However, be aware of the following (since most people want to use PEAP with AD):

The LDAP backend database supports these Local EAP methods:

EAP-FAST/GTC

EAP-TLS

PEAPv1/GTC.

LEAP, EAP-FAST/MSCHAPv2, and PEAPv0/MSCHAPv2 are also supported, but only if the LDAP server is set up to return a clear-text password. For example, Microsoft Active Directory is not supported because it does not return a clear-text password. If the LDAP server cannot be configured to return a clear-text password, LEAP, EAP-FAST/MSCHAPv2, and PEAPv0/MSCHAPv2 are not supported.
