Cisco Support Community

New Member

Cisco ISE protocols for ldap and Windows wireless client

Only the protocols below are supported by ISE in combination with LDAP identity sources.

EAP-GTC, PAP, EAP-TLS, PEAP-TLS.

Mac OS devices seem to be able to use these, but Windows users seem to be having problems. How should Windows users connect with ISE that only uses LDAP?


1 ACCEPTED SOLUTION

Re: Cisco ISE protocols for ldap and Windows wireless client

You can use the AnyConnect Network Access Manager. Just out of curiosity, why LDAP over joining ISE to AD?



Tarik Admani *Please rate helpful posts*
6 REPLIES
New Member

Re: Cisco ISE protocols for ldap and Windows wireless client

The Windows supplicant supports EAP-TLS when you select certificates as the auth method. (You of course need client-side certs issued to Windows users to use EAP-TLS, though.)

New Member

Re: Cisco ISE protocols for ldap and Windows wireless client

That doesn't seem to be very user friendly

New Member

Re: Cisco ISE protocols for ldap and Windows wireless client

Do you still need the certificates then with the Network Access Manager? We need to strip off everything after the @ sign. I know you can connect with an AD through an LDAP external identity source, but because of our complicated AD structure this isn't possible.

Re: Cisco ISE protocols for ldap and Windows wireless client

Mathieu,

Take a look at the user guide for NAM -

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/administration/guide/ac04namconfig.html

You will see the supported protocols, like GTC, that should allow you not to have to deploy certs.

Thanks.

Tarik Admani
*Please rate helpful posts*

New Member

Cisco ISE protocols for ldap and Windows wireless client

I can't ask the users to install something. The reason I use LDAP is because I need to strip off some data in the username starting from the @ sign. Unfortunately, LDAP is the only way to go to do this, isn't it?
