I am trying to gain a better grasp of authenticating users in a wireless environment. I plan to deploy a 5500 series WLC that authenticates users against an LDAP server. I am having trouble understanding how to deploy wireless access to all users in the LDAP directory. I want users to use their standard login credentials to gain access to the wireless network. From my understanding, you must create a certificate for each user and install it on their wireless device prior to them accessing the network for them to use the wireless network. Is there a way that a user can just use their credentials to log on?
If you are going to use 802.1x with LDAP, it all depends on your EAP type that you want your clients to use.
Only EAP-TLS needs certificates on both WLC and clients. EAP-FAST needs PACs on the clients. PEAP needs a certificate on the AAA server.
If you are going to use Layer 3 authentication (web authentication) then there is no need to use certificates on clients.
Here is a config example of Local EAP with LDAP on WLC:
Here is a config example of Web-auth with LDAP on WLC: