Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco WLC 2504 webportal for Server 2008 R2 DC LDAP or RADIUS

HI,Friends.

I want to get my mobile or Notebook clients connecting to wireless and use my Domain users ,Cisco WLC 2504 to authenticate via LDAP or  RADIUS to our Windows Server 2008 Domain Controllers

question:

one,i can use my domain one Organizational Unit ,such as cn=use01,ou=test,dc=lzh,dc=com. now, noly user01 can logon on web, But how I make all my domain users can use web log it ? 

I was using radius authentication or ldap certification to do web authentication ?which is good. ???

ldap server

 

ldap server

 

web auth

 

anyoumous logo

 

I specified child ou, ou its users superiors can not be landed on

 

I specified child ou, ou its users superiors can not be landed on

 

Everyone's tags (1)
6 REPLIES
Hall of Fame Super Silver

I have never tried to use

I have never tried to use LDAP for WebAuth to be honest.... Since your a Microsoft shop, its probably better to use a Microsoft NPS Radius server.  When you setup your NPS, make sure you have the following:

I'm going to assume you know how to setup policies, AAA clients in NPS

Scott

-Scott
*** Please rate helpful posts ***
New Member

hi ,Scott FellaThank you,I am

hi ,Scott Fella

Thank you,I am very happy to receive your reply,  I finally binding domain user authentication LDAP authentication done successfully. but You say the combination of nps I did not do the radius authentication is successful, I do not know where the problems.

the err:

<Event><Timestamp data_type="4">07/27/2014 18:33:36.845</Timestamp><Computer-Name data_type="1">PDC-CQ</Computer-Name><Event-Source data_type="1">IAS</Event-Source><User-Name data_type="1">11</User-Name><Service-Type data_type="0">1</Service-Type><NAS-IP-Address data_type="3">10.10.10.253</NAS-IP-Address><NAS-Port data_type="0">1</NAS-Port><NAS-Identifier data_type="1">WLC-CNNEWCITY</NAS-Identifier><NAS-Port-Type data_type="0">19</NAS-Port-Type><Vendor-Specific data_type="2">00003763010600000001</Vendor-Specific><Calling-Station-Id data_type="1">10.12.0.11</Calling-Station-Id><Called-Station-Id data_type="1">10.10.10.253</Called-Station-Id><Client-IP-Address data_type="3">10.10.10.253</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">WLC</Client-Friendly-Name><Proxy-Policy-Name data_type="1">Use Windows authentication for all users</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">CNNEWCITY\11</SAM-Account-Name><Class data_type="1">311 1 10.10.10.1 07/27/2014 09:41:28 5</Class><Authentication-Type data_type="0">1</Authentication-Type><NP-Policy-Name data_type="1">Connections to other access servers</NP-Policy-Name><Quarantine-Update-Non-Compliant data_type="0">1</Quarantine-Update-Non-Compliant><Fully-Qualifed-User-Name data_type="1">cnnewcity.com/user/test/11</Fully-Qualifed-User-Name><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">07/27/2014 18:33:36.845</Timestamp><Computer-Name data_type="1">PDC-CQ</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311 1 10.10.10.1 07/27/2014 09:41:28 5</Class><Fully-Qualifed-User-Name data_type="1">cnnewcity.com/user/test/11</Fully-Qualifed-User-Name><Quarantine-Update-Non-Compliant data_type="0">1</Quarantine-Update-Non-Compliant><Client-IP-Address data_type="3">10.10.10.253</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">WLC</Client-Friendly-Name><Proxy-Policy-Name data_type="1">Use Windows authentication for all users</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">CNNEWCITY\11</SAM-Account-Name><NP-Policy-Name data_type="1">Connections to other access servers</NP-Policy-Name><Authentication-Type data_type="0">1</Authentication-Type><Packet-Type data_type="0">3</Packet-Type><Reason-Code data_type="0">66</Reason-Code></Event>

 

then,You gave two figures is that what you mean? what's the meaning it that services-type =login ?

 

Hall of Fame Super Silver

Login is because your using a

Login is because your using a WebAuth entry. You are logging in.

Scott

-Scott
*** Please rate helpful posts ***
New Member

thank you,i will do it.In

thank you,i will do it.In addition to these there any need to pay attention.

Hall of Fame Super Silver

That is really it. Look at

That is really it. Look at the radius logs especially if you are using NPS for other authentication. If it's just for WebAuth you should be fine. 

Scott

-Scott
*** Please rate helpful posts ***
New Member

very good ,I have resolved

very good ,I have resolved.Your method is very useful....thank you.

419
Views
0
Helpful
6
Replies
CreatePlease login to create content