802.1x/LEAP authentication against RADIUS+LDAP

a.kiprawih
Level 7

Hi,

To secure access via WLAN infra, LEAP is another option that can be used together with 802.1x.

Can LEAP be used with RADIUS (Cisco Access Registrar, CAR), where RADIUS, in turn, will forward the AAA request to another external server via LDAP? I've come across info saying that LEAP cannot work with "LDAP/NDS Backend DB Support".

Can anybody verify this?

Thank you.

AK

6 Replies

owillins
Level 6

For LEAP to work with an external database the database needs to support MS-CHAP. This is the reason it does not work with NDS or LDAP. The following table shows the databases supported by LEAP.

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/csnt30/user/o.htm#551

Of course this is true only for Cisco ACS; there are other RADIUS products on the market (Steel-Belted by Funk for one) that claim the ability to do authentication, including LEAP, off an LDAP database. I know there are some limitations to that also, esp. if you want to do it against Active Directory, which isn't true LDAP...

sanpatel
Level 1

Yes, LEAP can be used in conjunction with Cisco CNS Access Registrar and a back-end LDAP directory.

Note that the user passwords must be stored in cleartext format in the directory.

A question related to this topic: Do you know if I can use the ISA service (RADIUS) from a Windows 2000 server in order to use RADIUS authentication with an AP 1200? Is this possible, or only with Cisco Secure ACS?

Thanks.

Can you give me a link on how to do this? Also, can this be done using ACS instead of Registrar?

In AR 3.0, you create an eap-leap 'service':

cd /radius/services/
add leapservice
cd leapservice
set type eap-leap
set user-service local-users

In this example 'local-users' is an AR internal userlist service, but it could equally be an LDAP or Oracle database one. The passwords in these external stores must be available to AR in cleartext.

AFAIK, ACS does not support LEAP with an LDAP directory.
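The two replies above agree on the constraint (the back end must "support MS-CHAP", so passwords in an LDAP store have to be available in cleartext) without spelling out why. The following is an added example, not code from the thread or from Cisco Access Registrar: LEAP's inner method is MS-CHAP, in which the client sends a response derived from the NT hash, MD4 over the UTF-16LE password, and a challenge; the password itself never reaches the RADIUS server. The server must therefore reconstruct that NT hash from whatever the directory stores. A cleartext userPassword permits that; a one-way RFC 2307 hash such as OpenLDAP's {SSHA} does not, even though {SSHA} is perfectly usable for PAP, where the password does arrive at the server. The usernames, passwords and directory entries below are constructed, and MD4 is implemented in pure Python because hashlib's md4 is frequently disabled under OpenSSL 3.

```python
"""Why LEAP (MS-CHAP inner method) needs a cleartext or NT-hash credential.

Added example, not part of the forum thread or of Cisco Access Registrar.
All directory entries and credentials below are constructed.
"""
import base64
import hashlib
import os
import struct

MASK = 0xFFFFFFFF


def _lrot(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def _md4_round(f, X, state, order, shifts, const):
    # One 16-step MD4 round; rotating the state tuple reproduces the a/b/c/d
    # role rotation of RFC 1320 without four separate code paths.
    a, b, c, d = state
    for i, k in enumerate(order):
        a = _lrot((a + f(b, c, d) + X[k] + const) & MASK, shifts[i % 4])
        a, b, c, d = d, a, b, c
    return a, b, c, d


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4 in pure Python (hashlib's md4 is often unavailable)."""
    msg = bytearray(data) + b"\x80"
    while len(msg) % 64 != 56:
        msg += b"\x00"
    msg += struct.pack("<Q", len(data) * 8)          # bit length, little-endian
    state = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        s = _md4_round(F, X, state, range(16), (3, 7, 11, 19), 0)
        s = _md4_round(G, X, s, [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15],
                       (3, 5, 9, 13), 0x5A827999)
        s = _md4_round(H, X, s, [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15],
                       (3, 9, 11, 15), 0x6ED9EBA1)
        state = tuple((x + y) & MASK for x, y in zip(state, s))
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> bytes:
    """The key material MS-CHAP (and thus LEAP) works from: MD4(UTF-16LE(password))."""
    return md4(password.encode("utf-16-le"))


def ssha_store(password: str, salt: bytes = None) -> str:
    """OpenLDAP-style {SSHA}: base64(SHA1(password || salt) || salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def ssha_verify(stored: str, candidate: str) -> bool:
    """PAP-style check: works because the server holds the candidate password."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hashlib.sha1(candidate.encode() + salt).digest() == digest


def leap_key_material(entry: dict):
    """NT hash a RADIUS server can derive from a directory entry, or None.

    A scheme prefix such as {SSHA} marks a one-way hash (RFC 2307): it can
    verify a password that is presented, but MS-CHAP never presents one, so
    the NT hash cannot be produced and LEAP cannot be served from this entry.
    """
    pw = entry["userPassword"]
    if pw.startswith("{"):
        return None
    return nt_hash(pw)


# Constructed directory entries: one cleartext, one {SSHA} with a fixed salt.
ENTRIES = [
    {"uid": "alice", "userPassword": "password"},
    {"uid": "bob", "userPassword": ssha_store("password", salt=b"salt")},
]


def report() -> dict:
    """Map each uid to whether LEAP can be served from its stored credential."""
    return {e["uid"]: leap_key_material(e) is not None for e in ENTRIES}


if __name__ == "__main__":
    for uid, ok in report().items():
        print(f"{uid}: LEAP {'possible' if ok else 'NOT possible'} from stored credential")
    print("bob via PAP:", ssha_verify(ENTRIES[1]["userPassword"], "password"))
```

The same reasoning explains owillins' table: a back end "supports MS-CHAP" exactly when it can hand the RADIUS server a cleartext password or the NT hash itself; NDS and a generic LDAP directory storing one-way hashes can do neither, which is why ACS lists them as unsupported for LEAP while Access Registrar works only once the LDAP attribute is cleartext.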
