Cisco Support Community
New Member

PEAP with ACS and external LDAP

I want to configure PEAP on WIN2000 with the 802.1X patch. I have ACU ver. 5.05 and ACS 3.1 on Windows. My external LDAP stores passwords in clear text format. Am I gonna have any problems since PEAP uses MS-CHAP V2 and the LDAP uses clear text?

Also, do I need a certificate on the wireless client in addition to the server certificate on ACS (like EAP-TLS)?

Also, do I need ACU 6 to use PEAP on WIN2000?

Thanks a lot for any help.


Re: PEAP with ACS and external LDAP

1) PEAP will not work from a Win2K SP3 client through Cisco Secure ACS, since MS uses PEAP-MSCHAPV2 and Cisco PEAP uses PEAP-GTC. So you might end up with a message like "Invalid message authenticator in EAP request".

But with ACU 5.05, this is not an issue, I guess. You can see it here:

2) PEAP and EAP-TLS are very similar; the only difference is that for PEAP, the "user workstation does not need a certificate" and instead will get prompted for a username and password.

3) PEAP on WIN2k will work well with ACU 5.05.

New Member

Re: PEAP with ACS and external LDAP

Thanks a lot for the info :)