
Cisco ISE protocols for LDAP and Windows wireless client

Mathieu Sturm
Level 1

Only the protocols below are supported by ISE in combination with LDAP identity sources.

EAP-GTC, PAP, EAP-TLS, PEAP-TLS.

Mac OS devices seem to be able to use these, but Windows users seem to be having problems. How should Windows users connect with ISE that only uses LDAP?


1 Accepted Solution


Tarik Admani
VIP Alumni

You can use the AnyConnect Network Access Manager. Just out of curiosity, why LDAP over joining ISE to AD?


Sent from Cisco Technical Support Android App


6 Replies

Nicholas Poole
Level 1

The Windows supplicant supports EAP-TLS when you select certificates as the auth method. (You of course need client-side certs issued to Windows users to use EAP-TLS, though.)

That doesn't seem to be very user friendly.


Do you still need the certificates then with the Network Access Manager? We need to strip off everything after the @ sign. I know you can connect with an AD through an LDAP external identity source, but because of our complicated AD structure this isn't possible.

Mathieu,

Take a look at the user guide for NAM -

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/administration/guide/ac04namconfig.html

You will see the protocols supported, like GTC, that should allow you not to have to deploy certs.

Thanks.

Tarik Admani
*Please rate helpful posts*

I can't ask the users to install something. The reason I use LDAP is because I need to strip off some data in the username starting from the @ sign. Unfortunately LDAP is the only way to go to do this, isn't it?