Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member


Hi experts,

I am using PEAP-GTC with ACS secure engine 4.1 with external database as LDAP as authentication mechanism for my wireless clients.

I am trying to configure user changable password in this setup. I am seeing in documents that only windows active directory is possible to achieve this.

can you please guide me how to configure user changable password for my wireless clients when LDAP is used as external authentication server

thanks in advance


Cisco Employee

Re: UCP using LDAP and PEAP-GTC

Hi Sairam:

You use the UCP application to enable users to change their ACS passwords for only ACS internal user's with a web-based utility. When users need to change passwords, they can access the UCP web page by using a supported web browser.

Installing UCP:

We can not use UCP with any kind of database neither windows nor LDAP. It only works for ACS internal/Local users.

Secondly, For wireless clients password change only works with PEAP-MSCHAPv2 and EAP-FAST that too with windows database (AD) because it requires mschap protocol to negotiate password change.

On ACS we need to make sure that mschap is enabled Under External User Databases > Database Configuration > Windows Database >

Configure > Windows Authentication Configuration.

"Enable password changes using MS-CHAP version 1." and,

"Enable password changes using MS-CHAP version 2."

And, Under System Configuration > Global Authentication Setup > under "MS-CHAP Configuration",

Check "Allow MS-CHAP Version 1 Authentication"

Check "Allow MS-CHAP Version 2 Authentication"

You are using ACS as a authentication server with LDAP as a backend database and ldap doesn't support MSCHAP.

Looks like none of these option fits in your requirement




Plz rate helpful posts-

~BR Jatin Katyal **Do rate helpful posts**
Community Member

Re: UCP using LDAP and PEAP-GTC

Dear JK,

I am worried that you are saying using LDAP + PEAP-GTC + ACS, it is not possible to make the setup which enables the wireless users to change their password.

Otherwise it will be difficult for us to control the users. I prefer the users should maintain their own password.

Can you please suggest me any other solution which will enable this setup using LDAP + ACS + other EAP method for my wireless clients (Please note: I donot want the certificate authentication as it will again require cumbersome task of distributing to users)

thanks in advance


CreatePlease to create content