Cisco Support
English
Feedback Help
Cisco Support Community
Register
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
askaer netsec
askaer netsec
Community Member
‎06-06-2014 06:03 AM
‎06-06-2014 06:03 AM

captive portal with external authentication

Hi,

 

I'm wondering if there is a way to have wireless users authenticate on a captive portal with attributes that are not stored in LDAP.

 

We have ACS servers, wireless controllers, a bunge of access points and Microsoft AD servers.

What I'd like to do is get users authenticated on a certain SSID with specific variables that I have stored somwhere in an DB (not in the AD servers and not defined on the ACS servers).

 

For example a user has to register on a website with his name and a token is created and given to the user and stored in a DB. The user comes to the company and uses his name and this token to logon to the wireless.

 

Has anybody ever done this or knows how to? I hope this makes sense.

 

Kr,

Esger

0 Helpful
Reply
2 REPLIES
Stephen Rodriguez
Stephen Rodriguez Purple
Purple
‎06-10-2014 05:30 AM
‎06-10-2014 05:30 AM

That should work so long as

That should work so long as the WLC or your AAA can query the DB. In this scenario I would configure ACS to make the DB query, and just point the WLAN to that ACS.

 

Now the danger of this is that an internal user could get on with their credentials if ACS is also looking into AD. So you would also need to configure NAR so that a user whose credentials where in AD would be denied access.

 

HTH,

Steve

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
0 Helpful
Reply
askaer netsec
askaer netsec
Community Member
‎06-12-2014 06:06 AM
‎06-12-2014 06:06 AM

Thanks for your time to

Thanks for your time to answer my question.

 

Would that be some custom scripting to get the ACS to query the DB and use those data for logon? I don't see how it can be done seeing the data is kept in a DB and not an LDAP server.

 

Thanks,

Esger

 

0 Helpful
Reply
Latest Documents
Concepts about Multicast
Created by Rajan Parmar on 04-02-2018 06:40 AM
1
0
1
0
< PRE >     (#)For this reason being that : - application that doesn't use multicast, sends one copy of each packet ( data unit of traffic at layer 3 ) to each client (" who seeks the traffic ).- application that does use multicast, sends ... view more
How to transfer Crash file from Standby WLC (HighAvailability) to TFTP.
Created by Vengatesa Prasath on 11-08-2017 10:57 PM
1
0
1
0
Transferring Crash file from standby: Login to the Active WLC in HA.   From CLI:   (Cisco Controller) >transfer upload datatype crash (Cisco Controller) >transfer upload filename <Desired filename> (Cisco Controller) >transfer up... view more
Wireshark to OmniPeek 802.11 Display Filter Conversion table
Created by ericgarnel on 11-06-2017 12:56 PM
1
5
1
5
This is the start of a display filter cross reference between Wireshark and OmniPeek. The 1st installment is a table of advanced filters. More filters will be added as time allows. It is a living doc, so check back for changes every so often Please feel ... view more
All Documents
129
Views
0
Helpful
2
Replies
CreatePlease to create content
Discussion
Blog
Document
Video