ldap authentication on wlc 2504 for wireless clients

I'm trying to configure LDAP authentication for wireless clients. I found various documents describing LDAP setup, but they only seem to offer a portion of the config: http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-2/configuration/guide/cg/cg_security_sol.html

Under the LDAP section, I have done all this:

- Server Index: 1
- Server Address: x.x.x.x
- Port Number: 389
- Simple Bind: Authenticated
- Bind Username: CN=xxxxxxc,OU=Denver,OU=CorpUsers,DC=xxxxx,DC=com
- Bind Password: xxxxx
- Confirm Bind Password: xxxxx
- User Base DN: DC=xxxxx,DC=com
- User Attribute: sAMAccountName
- User Object Type: Person
- Secure Mode (via TLS): Enabled
- Server Timeout: 2 seconds
- Enable Server Status: Enabled

Local EAP profiles: I have EAP-FAST & EAP-TLS. I am NOT using certs, so all those are unchecked. Authentication Priority is LDAP.

This part I am guessing on: WLAN Layer 2 Security is set to 802.1x, Layer 3 is none. AAA servers: I have my LDAP server selected, local EAP auth enabled with my LDAP profile selected, LDAP as top item for authentication.

I just get a message that says Windows was unable to connect to the wireless network. It works fine if I change Layer 2 security to WPA2 with a PSK. I'm not certain that the LDAP request is even hitting the server. I am using authenticated bind, so I have NOT enabled anonymous authentication on the LDAP server and I'm not using certs. Any ideas on what I'm missing to make LDAP auth work?
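To see what the controller actually asks the directory when Local EAP is backed by LDAP, here is an added example (not from the thread, not Cisco code) that simulates the three-step sequence the WLC performs with a plaintext inner method: bind with the configured Bind Username, search the User Base DN for an entry whose User Attribute equals the client's login name and whose class is the User Object Type, then bind again as the entry found using the client's password. The directory is an in-memory stand-in with constructed entries, the DNs and passwords are placeholders, and the filter shape is an assumption modelled on the poster's settings; each stage returns a reason, which is what you would look for in the server's log or a packet capture to find out where the exchange stops.

```python
"""Simulated WLC bind / search / bind sequence against an in-memory LDAP stand-in.

Added example, not part of the original thread and not Cisco's code. The
directory below is constructed data so the script runs offline; the DNs,
attribute names and object type mirror the poster's configuration with
placeholder values.
"""
import re

# Constructed stand-in for the subtree under the poster's User Base DN.
FAKE_DIRECTORY = {
    "CN=wlc-bind,OU=Denver,OU=CorpUsers,DC=example,DC=com": {
        "objectClass": ["Person"], "sAMAccountName": ["wlc-bind"],
        "userPassword": ["bind-secret"]},
    "CN=Alice Example,OU=Denver,OU=CorpUsers,DC=example,DC=com": {
        "objectClass": ["Person"], "sAMAccountName": ["alice"],
        "userPassword": ["alice-pw"]},
}

# Mirrors the poster's LDAP server fields (placeholder values, assumption).
WLC_LDAP_CONFIG = {
    "bind_dn": "CN=wlc-bind,OU=Denver,OU=CorpUsers,DC=example,DC=com",
    "bind_password": "bind-secret",
    "user_base_dn": "DC=example,DC=com",
    "user_attribute": "sAMAccountName",
    "user_object_type": "Person",
}


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping: a client-chosen login name must not alter the filter."""
    out = []
    for b in value.encode("utf-8"):
        if b in b"*()\\\x00" or b > 0x7F:
            out.append("\\%02x" % b)
        else:
            out.append(chr(b))
    return "".join(out)


def unescape_filter_value(value: str) -> str:
    """Reverse of escape_filter_value, used by the stand-in search."""
    buf, i = bytearray(), 0
    while i < len(value):
        if value[i] == "\\":
            buf.append(int(value[i + 1:i + 3], 16))
            i += 3
        else:
            buf.extend(value[i].encode("utf-8"))
            i += 1
    return buf.decode("utf-8")


def build_filter(user_attr: str, object_type: str, username: str) -> str:
    """The AND-of-equality filter the controller is assumed to send."""
    return "(&(objectClass=%s)(%s=%s))" % (object_type, user_attr,
                                           escape_filter_value(username))


def simple_bind(directory: dict, dn: str, password: str) -> bool:
    """LDAP simple bind on the stand-in: DN must exist and password must match."""
    entry = directory.get(dn)
    return entry is not None and password in entry.get("userPassword", [])


_EQ = re.compile(r"\(([A-Za-z][\w-]*)=((?:[^()\\]|\\[0-9a-fA-F]{2})*)\)")


def search(directory: dict, base_dn: str, ldap_filter: str) -> list:
    """Evaluate an AND-of-equality filter over entries under base_dn; return DNs."""
    m = re.fullmatch(r"\(&((?:\([^()]*\))+)\)", ldap_filter)
    if not m:
        raise ValueError("unsupported filter: %s" % ldap_filter)
    conditions = _EQ.findall(m.group(1))
    hits = []
    for dn, attrs in directory.items():
        if not dn.lower().endswith(base_dn.lower()):
            continue
        lower = {k.lower(): v for k, v in attrs.items()}
        ok = True
        for attr, raw in conditions:
            values = lower.get(attr.lower(), [])
            # A bare "*" is a presence filter; an escaped "\2a" is a literal star.
            ok = bool(values) if raw == "*" else unescape_filter_value(raw) in values
            if not ok:
                break
        if ok:
            hits.append(dn)
    return hits


def wlc_ldap_authenticate(directory: dict, cfg: dict, username: str, password: str):
    """Return (ok, reason) following the bind / search / bind sequence."""
    if not simple_bind(directory, cfg["bind_dn"], cfg["bind_password"]):
        return False, "authenticated bind failed"  # nothing further is attempted
    flt = build_filter(cfg["user_attribute"], cfg["user_object_type"], username)
    hits = search(directory, cfg["user_base_dn"], flt)
    if len(hits) != 1:
        return False, "user search returned %d entries" % len(hits)
    if not simple_bind(directory, hits[0], password):
        return False, "user bind failed"
    return True, "ok"


if __name__ == "__main__":
    for user, pw in [("alice", "alice-pw"), ("alice", "wrong"), ("bob", "x"), ("*", "x")]:
        print(user, "->", wlc_ldap_authenticate(FAKE_DIRECTORY, WLC_LDAP_CONFIG, user, pw))
```

Two things fall out of the sequence. First, a failure at the first bind means the directory never sees a search for the client at all, which matches the poster's suspicion that requests may not be reaching the server; a failure at the search means the base DN, attribute or object type does not describe the account. Second, the final step is a bind with the password the client typed, so this scheme only works with an inner method that hands the controller that password (GTC) or with EAP-TLS; an MSCHAPv2 exchange gives the controller nothing it can bind with. The escaping step is the reason a login name such as `*` does not turn the search into a match-everything filter, as the unescaped presence search in the test shows.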
2 REPLIES
I'm trying to do similar on 5760.

I have webauth to an external server; the redirect is fine, the client enters credentials and gets passed back. We thought the LDAP auth was working but things fell apart; we were never seeing any LDAP requests. The client username is registered on the controller; this looks to be a dynamic addition.

I'm thinking anonymous bind and passing the cn attribute as the client "username".

 

I abandoned this altogether and determined it was easier to just configure RADIUS and use NPS on the Windows server to pass domain authentication. So I installed NPS and configured it to allow a specific Windows group and it seems to be working fine. If not using certs I had to tell the wireless client profile to NOT check the cert as there is none. If you are a member of the domain and in that group you get authenticated automatically.
