Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

802.1x using authentication from NT Domain Controller instead of Radius

I would like to know if it's possible to configure 802.1x using authentication from NT Domain Controller, instead of using Radius or Tacacs.

2 REPLIES
Green

Re: 802.1x using authentication from NT Domain Controller instea

It is possible to use MS AD, generic LDAP, Novell NDS for authentication, it's fairly common.

The issue is "How do get the device to talk to the authentication source ... (AD, DC, NDS, LDAP)?"

The answer is RADIUS.

You can configure RADIUS to pull authentication from a variety of source (depending on the RADIUS - many/most can use any of the LDAP-based systems).

So, yes, certainly you can use the Microsoft AD, but you need RADIUS to connect the two systems (the 802.1x device and the AD server).

If cost is the issue, try freeRADIUS (www.freeradius.org) - it's fully featured (can use LDAP, AD, NDS, Certificates, etc), it's free, and configuration is much easier than it looks ....

Good Luck

Scott

New Member

Re: 802.1x using authentication from NT Domain Controller instea

Are you running MS 2000/2003 server or pure NT 4 domain controller? If you have MS 2000/2003, you can just enable the IAS services on the server. IAS is MS version of Radius server and it come with the server OS. It works very similar to all other Radius and able to handle 802.1x

With IAS you can defined your own login rules and control the users using AD policy.

184
Views
0
Helpful
2
Replies