Community Member

Wireless PEAP users authenticated by TACACS+

Hello,

I have the following scenario: access points 1214 (fat AP) connected to ACS (RADIUS), and the ACS integrated with Novell LDAP as an external database.

The wireless users use PEAP for authentication. Here is the problem: when I tried to connect wirelessly with a username and password configured locally in the ACS database, it works fine, but if I use a username and password listed in the Novell LDAP, I get the error "Auth type not supported by External DB".

Note:

For VPN users, I can connect and access the network resources from outside with username and password listed on Novell LDAP database (integration between ACS and Novell LDAP is fine). Maybe this note could help you!!

Regards,

Belal

2 REPLIES
Silver

Re: Wireless PEAP users authenticated by TACACS+

Hmm, what version of PEAP are you using and what is the inner protocol?

LDAP will only work using clear text username + password. PEAPv0 (the MSFT version) uses MSCHAP inside - MSCHAP doesn't work against LDAP.

PEAPv1 with EAP-GTC inner should work with LDAP because the username + password are clear (inside the PEAP tunnel).

Darran

Community Member

Re: Wireless PEAP users authenticated by TACACS+

Hello Darran,

Thanks for your feedback.

Now I'm trying to configure EAP-TLS, but as stated in the configuration guide, I should have CA certificates for both ACS and the wireless users. Here is the question: shall I have a CA server, or is there another way to complete the task (use a locally generated certificate, for example, if possible)?

Regards,

Belal
