Cisco Support Community

802.1X ACS Self Signed External Windows DB

Can I configure the ACS server with a self-signed certificate and integrate it into a Windows database?

The users will be authenticated with 802.1X configured in a WLAN in WLC4400.

5 REPLIES

Re: 802.1X ACS Self Signed External Windows DB

Yes, that will work. The one caveat to this is that if you are doing PEAP, do not check the box for "validate server certificate" unless you export the cert from ACS and push it to your clients.

HTH, Steve

Re: 802.1X ACS Self Signed External Windows DB

Thanks Stephen Rodriguez,

I have configured the certificate on the ACS, and I installed the certificate in the stations, and users are authenticated on the wireless network, but the username and password are configured on the server.

To use the Windows accounts, what do I have to configure?

Re: 802.1X ACS Self Signed External Windows DB

You need to configure ACS to talk to AD. In 4.x this should be under External Databases, Windows Database, Configure.

HTH, Steve

Re: 802.1X ACS Self Signed External Windows DB

Thanks Stephen,

I have configured this in the ACS:

1. The ACS server is a member server, for example LAB.

2. In External User Database / Windows Database / Configure / In the configure domain list I select the domain called LAB.

3. System Configuration/ACS Certificate Setup/Generate Self-Signed. I enter all the required parameters and the certificate is created.

4. The certificate is installed in the wireless client and the wireless profile is configured selecting the certificate. In the Windows profile of the wireless connection, I uncheck the "Automatically use my Windows logon name and password" option; this option is disabled to use the local database of the ACS.

Is the only configuration necessary for the integration of the ACS server with the Windows domain that the server is a member of the Windows domain, selecting the domain in the domain list in the ACS, and checking the option "Automatically use my Windows logon name and password"?

Re: 802.1X ACS Self Signed External Windows DB

That sounds about right. Now you can go in the database mappings and map to specific OUs if you want to get a little more granular than just the entire forest.

HTH, Steve
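An added example, not part of the original thread and not Cisco or Microsoft code: a Python check that reads a Windows WLAN profile (as exported with `netsh wlan export profile`) and reports the two client settings discussed above, PEAP server certificate validation and "Automatically use my Windows logon name and password". The sample profile is constructed and flattened, the thumbprint is a placeholder, and treating a missing `PerformServerValidation` element as "not disabled" is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed, flattened sample of the EAP part of an exported WLAN profile.
# Real exports nest these elements deeper, so the audit matches on local
# element names instead of fixed paths.
TEMPLATE = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
 <name>LAB-WLAN</name>
 <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
  <ServerValidation>
   <DisableUserPromptForServerValidation>{noprompt}</DisableUserPromptForServerValidation>
   <TrustedRootCA>{root}</TrustedRootCA>
  </ServerValidation>
  <EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1">
   <UseWinLogonCredentials>{winlogon}</UseWinLogonCredentials>
  </EapType>
  <PeapExtensions>
   <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">{validate}</PerformServerValidation>
  </PeapExtensions>
 </EapType>
</WLANProfile>"""

# "Validate server certificate" unchecked, nothing pinned, local ACS accounts.
WEAK = TEMPLATE.format(noprompt="false", root="", validate="false", winlogon="false")
# ACS certificate pushed to the client and pinned, Windows accounts in use.
HARDENED = TEMPLATE.format(noprompt="true", root="PLACEHOLDER-ACS-CERT-THUMBPRINT",
                           validate="true", winlogon="true")

def audit_peap_profile(xml_text):
    """Report PEAP server-validation weaknesses in one exported profile."""
    root = ET.fromstring(xml_text)

    def first(name):
        # Text of the first element with this local name, ignoring namespaces.
        for elem in root.iter():
            if elem.tag.rsplit("}", 1)[-1] == name:
                return (elem.text or "").strip()
        return None

    findings = []
    if first("PerformServerValidation") == "false":
        findings.append("server certificate validation disabled")
    if not first("TrustedRootCA"):
        findings.append("no trusted root pinned")
    if first("DisableUserPromptForServerValidation") != "true":
        findings.append("user can be prompted to trust an unknown server")
    return {"findings": findings,
            "use_winlogon_credentials": first("UseWinLogonCredentials") == "true"}

if __name__ == "__main__":
    for label, profile in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_peap_profile(profile))
```
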