Cisco WLC 2500 Active directory integration

Unanswered Question
Apr 11th, 2012
Hello to all!!


I recently bought a Cisco WLC 2500. I want to configure a WLAN with Active Directory authentication.


How can I do this?


Is there any guide or configuration example?


Thanks!

Scott Fella Wed, 04/11/2012 - 06:11
Try to use a RADIUS server. Search for wlc peap ias or nps


http://www.cisco.com/en/US/products/ps6366/products_configuration_exampl...


Sent from Cisco Technical Support iPhone App

Amjad Abdullah Wed, 04/11/2012 - 07:47

You can use LDAP to connect to the AD for authentication. This needs you to utilize local EAP.

Here is a config example: http://tiny.cc/ctulcw


The above link


The problem with LDAP integration with AD is that you are only restricted to some EAP types.
The supported types are EAP-FAST, EAP-TLS and LEAP.


Quoting from the above link:


Local EAP supports LEAP, EAP-FAST, EAP-TLS, PEAPv0/MSCHAPv2, and PEAPv1/GTC authentication between the controller and wireless clients.


The LDAP backend database supports these Local EAP methods:

  • EAP-FAST/GTC
  • EAP-TLS
  • PEAPv1/GTC

LEAP, EAP-FAST/MSCHAPv2, and PEAPv0/MSCHAPv2 are also supported, but only if the LDAP server is set up to return a clear-text password. For example, Microsoft Active Directory is not supported because it does not return a clear-text password. If the LDAP server cannot be configured to return a clear-text password, LEAP, EAP-FAST/MSCHAPv2, and PEAPv0/MSCHAPv2 are not supported.


The only common supported EAP types shared between local EAP and LDAP (as its backend server) are EAP-TLS, PEAPv1/GTC and EAP-FAST. So if you are going to use this option you probably need to use one of those types.


You can also use a RADIUS server and integrate the RADIUS server with AD. This is a much better option, where you can use whatever EAP type is supported by the RADIUS server. If you can take the RADIUS server option then I don't recommend going with the local EAP option with LDAP. The RADIUS server option is much better. Use local EAP only if you have a small environment or you can't in any way utilize a RADIUS server.


Hope this helps.


Amjad

Michael Seden Tue, 10/30/2012 - 14:48
I have the same problem. I wondered if you had fixed yours. We are using Active Directory on 2008 R2 for our Domain Controller. Everything I have seen so far is Server 2003. We have 2 networks, one a guest network where we do the local user configuration and generate passwords as needed. The other I would like to tie to AD so my internal users can authenticate. I opened a TAC case on it but they say it is my Windows config that is wrong (still not resolved). I got the AD guru on it and they can't seem to see anything wrong either. I know it is probably as simple as a radio button click. Any help would be appreciated.


Thanks,

Mike Seden

Scott Fella Wed, 10/31/2012 - 01:30

Are you using RADIUS or not? It's easier to accomplish this if you just bring up a Microsoft RADIUS server, either IAS (2003) or NPS if you're on 2008.

Sent from Cisco Technical Support iPhone App
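Added example (not part of the original thread and not taken from Cisco's documentation) showing what the two options discussed above look like on the WLC CLI: option A hands 802.1X off to a Microsoft RADIUS server (IAS/NPS) that does the AD lookup, option B keeps authentication on the controller (local EAP) and reaches AD over LDAP, which limits you to EAP-TLS, EAP-FAST/GTC or PEAPv1/GTC. Every address, WLAN name, shared secret, DN and bind account here is a placeholder. The lines starting with "!" are annotations for the reader and are not accepted by the WLC CLI, so strip them before pasting. The argument order of the `config ldap` commands differs between WLC releases; confirm it with `config ldap ?` on your controller before relying on it.

```text
! === Option A: RADIUS server (NPS on 2008 R2 / IAS on 2003) authenticates against AD ===
! Register the RADIUS server as index 1. Use a long random shared secret and the same value
! when you add the WLC as a RADIUS client in the NPS console.
config radius auth add 1 192.0.2.10 1812 ascii Replace-With-Long-Random-Secret
config radius auth enable 1

! Corporate WLAN (id 2): WPA2, AES only, 802.1X key management, bound to RADIUS index 1.
config wlan create 2 Corp-8021X Corp-8021X
config wlan security wpa enable 2
config wlan security wpa wpa2 enable 2
config wlan security wpa wpa2 ciphers aes enable 2
config wlan security wpa akm 802.1x enable 2
config wlan radius_server auth add 2 1
config wlan enable 2

! === Option B: local EAP on the controller, users looked up in AD over LDAP ===
! AD will not return clear-text passwords, so MSCHAPv2-based methods and LEAP will fail here.
! Search base, attribute and bind account are placeholders.
config ldap add 1 192.0.2.20 389 "OU=Users,DC=corp,DC=example,DC=com" sAMAccountName person
config ldap simple-bind authenticated 1 username "CN=wlc-bind,OU=Service,DC=corp,DC=example,DC=com" password Replace-Bind-Password
config ldap enable 1
config local-auth user-credentials ldap

! EAP profile offering only EAP-TLS (client certificates), one of the types LDAP/AD can back.
config local-auth eap-profile add CorpTLS
config local-auth eap-profile method add tls CorpTLS

! Second WLAN (id 3) using local EAP with LDAP index 1.
config wlan create 3 Corp-LocalEAP Corp-LocalEAP
config wlan security wpa enable 3
config wlan security wpa wpa2 enable 3
config wlan security wpa wpa2 ciphers aes enable 3
config wlan security wpa akm 802.1x enable 3
config wlan ldap add 3 1
config wlan local-auth enable 3 CorpTLS
config wlan enable 3

! === Checks ===
show radius summary
show ldap summary
show wlan 2
show wlan 3
! Watch a client attempt end to end; disable the debug afterwards.
debug aaa all enable
debug aaa all disable
```

Two practical notes for option A: NPS only lets you pick the EAP types it is configured for, so the network policy on the NPS side needs a server certificate the clients trust before PEAP will negotiate, and the WLC must appear in NPS as a RADIUS client with exactly the secret used above; a mismatched secret shows up on the controller as authentication timeouts rather than rejects. For option B, EAP-TLS means every client needs its own certificate, so it is normally only worth it where a PKI already exists.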
