
802.1X ACS Self Signed External Windows DB

ricardorojas123
Level 1

Can I configure the ACS server with a self-signed certificate and integrate it into a Windows database?

The users will be authenticated with 802.1X configured in a WLAN on the WLC4400.

5 Replies

Stephen Rodriguez
Cisco Employee

Yes, that will work. The one caveat to this is, if you are doing PEAP, do not check the box for "validate server certificate" unless you export the cert from ACS and push it to your clients.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Thanks Stephen Rodriguez,

I have configured the certificate on the ACS, and I installed the certificate in the stations, and users are authenticated on the wireless network, but the username and password are configured on the server.

To use the Windows accounts, what do I have to configure?

You need to configure ACS to talk to AD. In 4.x this should be under External Databases, Windows Database, Configure.

HTH,
Steve


Thanks Stephen,

I have configured this in the ACS:

1. The ACS server is a member server, for example LAB.

2. In External User Database / Windows Database / Configure / In the configure domain list I select the domain called LAB.

3. System Configuration / ACS Certificate Setup / Generate Self-Signed. I enter all the required parameters and the certificate is created.

4. The certificate is installed in the wireless client and the wireless profile is configured selecting the certificate. In the Windows profile of the wireless connection, I uncheck "Automatically use my Windows logon name and password"; this option is disabled to use the local database of the ACS.

Is the only configuration necessary for the integration of the ACS server with the Windows domain that the server is a member of the Windows domain, that I select the domain in the domain list in the ACS, and that I check the option "Automatically use my Windows logon name and password"?

That sounds about right. Now you can go in the database mappings and map to specific OUs if you want to get a little more granular than just the entire forest.

HTH,
Steve
