I would like to use LEAP authentication for my WLAN users via an existing LDAP database, but have been told that this will not work because LDAP does not support any CHAP authentication protocols and this is what the Aironet APs use. I don't really understand this response, since it will be the ACS server talking to the LDAP server, not the AP. I thought the LDAP server is used only as a group/password database and the ACS server handles the interface to the access point.
Has anyone set up a similar architecture? Or, can anyone give me a more definitive explanation of why this would not work?
You are correct, you can NOT use an LDAP database to authenticate. The problem is with the hashing algorithm. Other standards exist, but LEAP is Cisco proprietary and that is one of the issues. If you don't have a ton of users, maybe just create a local database file on your RADIUS server, that works great, or authenticate against an NT domain.