Cisco Support Community
New Member

acs 5.2 peap-gtc and ldap

We want to use eap-ttls and ldap (not AD).  That isn't supported.

So we want to go PEAP, but the only methods are PEAP-MSCHAP or PEAP-GTC.  Now the docs say PEAP-GTC supports ldap on the identity store.

So is GTC simply GTC without a token card? (simple login and password) and will work with LDAP?  Do some of the GTC look like an LDAP auth?

So because a GTC is just login/password, using that method for ldap is okay even though it isn't a GTC even though the password isn't a one time one?  Just funny to use GTC without a GTC involved.

3 REPLIES
New Member

acs 5.2 peap-gtc and ldap

Well, I convinced myself it is going to work.

Silver

acs 5.2 peap-gtc and ldap

Hello Eugene,

I have configured the ACS 5.1 with LDAP authentication against a Windows domain. I have also installed Cisco Secure Service Client (CSSC Supplicant) with PEAP-GTC enabled for the tunneled method. I only have a static password defined in the Windows domain.

I have tested authentication with client configured for PEAP-GTC > ACS 5.1 with LDAP database > Windows AD acting as backend LDAP and everything is working fine.

So, it seems that PEAP-GTC, even though it is meant for an OTP database, would work when authenticating against an LDAP database as well.

ACS configuration:

NOTE: The above was configured in a lab environment and I cannot assure how it will behave on a production network.

NOTE: Click images to enlarge.

That being said it seems that the suggested scenario might work.

If this was helpful please rate.

Best Regards.

New Member

acs 5.2 peap-gtc and ldap

Thank you very much Carlos.  I just have to get my wireless guy to configure PEAP-GTC on a VLAN so I can test.

I wish EAP-TTLS was also supported, but I will take what I can get.
