We recently purchased ACS 3.1 and a few 54 Mbps wireless APs. Our ACS is installed on a W2K Server with the Novell Client installed. We were able to get the wireless users to log in using the ACS's local database. When we tried to set it up using an external user database for Novell NDS or Generic LDAP, we were not successful. Under the failed attempts, it mentions CS User Unknown.
We have gone through the white paper on configuring LDAP with ACS, but it does not help. Our Novell NetWare is 6.0, pure IP. The Novell NDS comes with the LDAP functionality, so as long as we can get ACS to work with Novell NDS or LDAP, it is fine with me.
Did anyone manage to configure it to work with wireless clients using Novell NDS as its external database under the ACS? Please revert. Thanks.
You need to use PEAP on the clients in order to authenticate from the NDS database.
Q. What is PEAP?
A. Protected EAP (PEAP) is an 802.1X authentication type for WLANs. PEAP provides strong security, user database extensibility, and support for one-time token authentication and password change or aging. PEAP is based on an Internet Draft (I-D) submitted by Cisco Systems, Microsoft, and RSA Security to the IETF. Glen Zorn, a Cisco innovator, was the Cisco Systems lead engineer and coauthor of this I-D.
Q. What are the security benefits of PEAP?
A. PEAP provides the following security benefits:
PEAP relies on TLS tunnel security to allow non-encrypted authentication types such as EAP-GTC and One Time Password (OTP) support
PEAP uses server-side Public-Key Infrastructure (PKI) based digital certification authentication
PEAP allows authentication to an extended suite of directories, including Lightweight Directory Access Protocol (LDAP), Novell NDS (Novell Directory Services) and OTP databases
PEAP uses TLS to encrypt all user-sensitive authentication information
I read through the document just now. Still a bit lost. Other than ensuring the right components are installed, any other information as to how we can go about implementing PEAP with Novell NDS? Appreciate your response. Thanks.