cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
656
Views
0
Helpful
5
Replies

PEAP NDS Authentication

fcapra
Level 1
Level 1

1200 AP latest Vx firmware. ACS appliance. Dell Inspiron with 0n-board 802.11b card running windows XP SP1. I can get PEAP to work with the ACS local database but not with NDS. Authentication fails. Anybody else have any problems with NDS External Database? This is my last step to being successfull on this.

On another XP machine I installed the MS patch for PEAP, but the GTC option still does not show up. Do I need to install the Cisco ACU for this to appear?

Thanks

5 Replies 5

a-vazquez
Level 6
Level 6

If you are using the PEAP-MSCHAPV2 that comes with windows, you cannot reference NDS. NDS does not understand MSCHAP encryption. Authentication to NDS requires PEAP-GTC.

baileja
Level 1
Level 1

There are two versions of PEAP. Cisco's and Microsofts. Microsofts version (comes with XP SP1 and you can download the client for other OS's such as 2000) uses MS-CHAPv2 too authenticate with user databases. MS-CHAPv2 can only be understood by MS user databases such as NT Domains and Active Directory. NDS will not understand. Cisco's version of PEAP can authenticate with any LDAP database such as NDS or Active Directory. But to use Cisco's version you need either a Cisco Aironet Client Adapter or a WIreless adapter with Cisco Compatible Extensions (CCX). You can use both Cisco PEAP and MS PEAP through out your Wireless Network if you have multiple user databases (we have NT Domains, Active Directory Domains, and NDS). But take note, Cisco's PEAP and MS's PEAP are not compatible on the client. If you are using MS PEAP on an XP SP1 client, and you download Cisco's ACU, MS PEAP is no longer used and you must reinstall SP1 to revert back. If you are using Cisco PEAP and install XP SP1 afterwards, you will need to reinstall the ACU client.

coolccnp
Level 1
Level 1

were you able to resolve your issue with PEAP not authenticating with NDS?

ejaakola
Level 1
Level 1

Here is a configuration document we wrote while fighting with EAP methods and LDAP. Configuration uses PEAP (EAP-GTC) for authentication.

http://www.hut.fi/~ejaakola/eapgtc_conf_guide.htm

Configuration uses : Windows XP + SP1 + ACU, Aironet 1200, Cisco ACS 3.2.1 and Novell Edirectory 8.7.

Hopefully this helps. My email can be found from the document, feel free to mail me about any suggestions or problems considering the document.

Esa

Hi,

may I have the configuration?

I have the same problem,but with ACS 4.1.

Best regards

Stefano

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: