Cisco Support Community
New Member

ACS 5.2 - LDAP - Authentication - WLC - radius

Greetings

I am setting up ACS RADIUS.

I got a local account to work, but I am hitting a wall with LDAP.

The error specifically is 15015 Could not find ID Store - Internal Error, contact TAC

ACS 5.2.0.26

WLC - 4404 - 7.0.98.0

Client: Mac OS X 10.6

LDAP: Novell eDirectory

These are the steps I followed

ACS

Step 1

Define network resources

under NETWORK RESOURCES

created location

created device type

under NETWORK RESOURCES>NETWORK DEVICES and AAA Clients

created WLC with correct IP, checked RADIUS box and entered shared secret - this all works with local account

Step 2

under USERS and IDENTITY STORES>EXTERNAL IDENTITY STORES>LDAP

created an LDAP Identity Store

entered all relevant info

click test Bind to server > pop up connection test bind succeeded

Tab DIRECTORY ORGANIZATION

filled in and click on Test Configuration

pop up Number of subjects >100 Number of Groups 66

select directory groups

obtain attributes from example subject

Step 3

under POLICY ELEMENTS

created a Date and Time SESSION CONDITION > allowing all time

created an Authorization profile under subsection NETWORK ACCESS

Step 4

under ACCESS SERVICES

click on DEFAULT NETWORK ACCESS

add PEAP - GTC under allowed protocols

click on IDENTITY and select my LDAP Identity Store

click on authorization and create a rule matching the date and time with authorization profile

Step 5

On the WLC

WLAN was created with WPA/WPA2

and AAA RADIUS pointing to ACS

same settings that worked with ACS local account

Step 6

enable client radio and join WLAN

Pop up username and password

says authenticating but to no avail.

1 REPLY
New Member

ACS 5.2 - LDAP - Authentication - WLC - radius

OK, all is working, consider this as solved.

A restart of the ACS service magically fixed whatever was going on.

Cheers
