Automatic Active Directory Auth w/ no certs and native Windows client

jimgrumbles · ‎03-07-2008

I'm having a hard time here trying to setup a WLAN in the office that will authenticate users to Active Directory (via ACS 3.2) without using certificates and while using the native Windows wireless client.

The closest I've come is this guide:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00804b9d57.shtml#ap-acs

Unfortunately it requires the use of third party clients such as the Intel PROSet or the Cisco client.

Also, somewhat unrelated, let's say I finally get AD authentication up and running somehow but we want to allow guest access without using a pre-shared key ala WPA. Is my only option a captive portal?

Thank you!

jimgrumbles · ‎03-07-2008

Well, I kind of got this working by using a self-signed certificate on the ACS server. However from a user perspective it does seem a bit of a hassle to have to edit the wireless network settings, enable PEAP, then edit the PEAP properties to not validate the server certificate.

Any suggestions or is this pretty much the smoothest I can get it going?

At some point I could work with the Windows server admin and get certificates going on the domain but even with auto enrollment enabled there is still a lot of manual configuration to get the client connected initially as detailed in the following guides:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0e4.shtml#wc-2

http://www.cisco.com/en/US/products/hw/wireless/ps430/products_white_paper09186a008009256b.shtml#wp39392