Cisco Support Community

2504 LDAP for devices

How can I set up the WLC to accept authentication based on the device itself and not a user?

7 REPLIES

2504 LDAP for devices

Do you have an AAA server that you will be backending to for the machine accounts?

The config on the WLC doesn't change if you do. It all depends on the EAP config you have on the AAA server.

HTH,
Steve

-----------------------------------------
Please remember to rate useful posts, and mark questions as answered


Re: 2504 LDAP for devices

Can you please clarify more?

What is the auth type that you want to use?

Sent from Cisco Technical Support iPad App

Rating useful replies is more useful than saying "Thank you"

Re: 2504 LDAP for devices

Customer wants to authenticate against LDAP based on the device itself, not any particular user. He has the computers in AD that he wants to have access to the wireless with; some are Windows CE type devices. He has Windows Server 2003.

Re: 2504 LDAP for devices

LDAP to AD does not work well from the WLC, as AD stores the password in a non-reversible format.

You'd be better off promoting the 2k3 server to run IAS and doing the authentication from there.

HTH,
Steve

-----------------------------------------
Please remember to rate useful posts, and mark questions as answered


Re: 2504 LDAP for devices

I guess you mean machine authentication, not user authentication, right?

The answer will be "No". This is not supported with LDAP unfortunately.
You need to enter the username and the password to authenticate.
If you want machine authentication you can use MS IAS/NPS or Cisco ACS.

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"

Re: 2504 LDAP for devices

Yes, Machine auth. So is there a good example based on Windows, and not ACS? Customer is not going to purchase an ACS for this.

Re: 2504 LDAP for devices

Well, you better visit Microsoft forums and ask there. It is almost a checkbox to check in the NPS policies to enable machine authentication, but I have no idea how to go to that piece of configuration.

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"