I wanted to know if Cisco ACS in any way extends the Microsoft Active Directory schema. I'm thinking not but co-workers want some sort of comfirmation. It's simply an authentication request that either gets accepted or rejected right?
Thanks for the post Scott. However, AD isn't a RADIUS solution like ACS (or IAS) right? What you're really talking about is EAP methods that are supported, not neccessarily schema modifications within AD? So ACS does not NEED to create AD objects that are populated with attributes/properties that are integral to the EAP authentication method. I think thats right but please let me know if its not.
The combination of AD and IAS can provide some compatible auth methods.
ACS, either stand-alone or using the AD as an auth source can provide pretty much all of the available methods.
ACS doesn't need anything from the AD aside from the username / password for a MS-CHAP-v2 (usually inside an EAP system) and / or possibly MAC, maybe certificate info (the cert would usually go into the ACS software, even if it's running on the AD or the CA ...).
Basically, ACS hands the username/password to the AD, asks" Is this one of yours?", .... if the AD responds affirmatively, then ACS / RADIUS sends the "OK to pass" and opens up the connection.
Being that AD is LDAP-based, it's likely that you can, if you want, add other attributes to pass along to ACS, but it's not necessary.
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...