I had this up and running with a customer. There was no AD involved though, so it is not entirely your case and there might be other obstacles on the way.
ACS with ACE however works, though there were some nasty problems to be solved on the way to success.
One thing to point out straight away also mentioned in the document mabove:
Challenge Handshake Authentication Protocol (CHAP) cannot be used with the ACE tokens alone because of the requirement CHAP RFC (1994) that states:
CHAP requires that the secret be available in plaintext form. Irreversibly encrypted password databases commonly available cannot be used.
This precludes use of the ACE tokens for straight CHAP unless there is a separate CHAP password. For instance:
Password Authentication Protocol (PAP) is a better choice here.
This means the user has to enter "username*token" - the customer finally wrote a Java applet to construct the propper combination out of different clearly named input fields to simplify the input for unexperienced users.
I believe the problem you have is that you installed the agent for RSA on the AD side. To get RSA to work correctly with ACS is dependant on the build of ACS. The ACS appliaance is a different configuration from the windows version. Go configure your RSA server under EXTERNAL USER DATABASES --> DATABASE CONFIGURATIONS --> RADIUS TOKEN SERVER. From there you can create a new configuration for your RSA server. You will see the RSA server available under individual user configurations. It will be under a drop down for password Authentication.
Transferring Crash file from standby:
Login to the Active WLC in HA.
(Cisco Controller) >transfer upload datatype crash
(Cisco Controller) >transfer upload filename <Desired filename>
(Cisco Controller) >transfer up...
This is the start of a display filter cross reference between Wireshark and OmniPeek.
The 1st installment is a table of advanced filters. More filters will be added as time allows.
It is a living doc, so check back for changes every so often
Please feel ...
I have created a Powershell script to automatically add a Wireless Guest User on Cisco WLCs. (tested on 2500 Series)
The script should be completely self explanatory.
Powershell SNMP Module (Install-Module -Name SNMP)
SNMP Write Access to...