Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco ACS 3.3, Novell e-directory & 802.1x


Pls., can anyone help with documentations on the integration of ACS 3.3 with Novell e-directory for user authentications with 802.1X configuration on the network.


Re: Cisco ACS 3.3, Novell e-directory & 802.1x


The first thing to say is probably dont use the 3.3 external authenticator for Novell because this has gone in 4.0. You need to use the Generic LDAP authenticator instead - this will make future ACS upgrades easier.

The best thing is to get this working for plain PAP authentications first. You can use radtest (in the acs utils directory) to perform test RADIUS authentications.

Once you have the ability to authenticate novell users via pap working, the next step is to get 802.1x setup. For this you'll have to use the painfully complicated EAP config pages. Basically you can really only look at PEAP GTC (originally intended for token/one time passwords but works with any clear text password)

Clients... you cant AFAIK use the standard windows 802.1x client because it only supports PEAP v0 with MSCHAP and LDAP doesnt support MSCHAP.

Therefore you'll need the Cisco 802.1x supplicant (or other that supports PEAP v1 + EAP-GTC.

Apols for this being complicated... but it is! There are a lot of inter-dependencies on supplicant + eap type + backend database.

Your best hope is for a Cisco TME to give you some help on the fine detail.


New Member

Re: Cisco ACS 3.3, Novell e-directory & 802.1x

I am facing the same problem. I would like to setup my ACS to authenticate Novell database using generic LDAP. Does anyone have a good documentation on how to do it? Thanks

New Member

Re: Cisco ACS 3.3, Novell e-directory & 802.1x

Is it advisable to update to version 4 first and if so what is the procedure?.