I am trying to configure the controller (220.127.116.11) to authenticate users directly through LDAP. EAP-FAST with local authentication with PAC or certificates works well. When I try to disable local authentication and go directly through the LDAP server, the client doesn't get any IP address. Does someone have a working installation with LDAP and EAP-FAST and could give me a hint?
I now know the problem. The WLC tries to connect to the LDAP server with an "anonymous bind". It works well with Win2000. With Win2003 it works only if you open the security. See link: http://support.microsoft.com/kb/320528/en
You don't have the possibility to configure any username/pwd for a secure LDAP query. It's something that is an absolute need for many customers.
For the moment I will suggest the "workaround" with AP->WLC->RADIUS->LDAP