It does indeed work. I have setup 2 shops using IAS and 340's,350's, 1100's and 1200's. I used the ms-chap option. You create a server cert, configure the IAS server with the client (AP) and secret and configure the AP to point to the IAS server. On the client side I had to authenticate the workstation in order to get login scripts and policies to work. One problem we ran into was Native versus mixed modes in AD. You do not need to switch to native but in order for the machine to authenticate prior (meaning the machine is in the VPN group) you need to have the domain in Native mode as you can't grant dial in permission to the workstation. Once this is complete the machine logs in first allowing it to obtain an IP and giving the user time to authenticate. Keep in mind if the user does not succesfully authenticate the connection is terminated whether the computer authenticates or not. If you have any questions send me an email at email@example.com and I will be happy to help.
Not sure if you ever got your question answered, but in MS Active Directory you need to go t the Dial-in tab and set to allow access. If you need to do HOST based authentication, you need to call MS for a patch that allows you to see a Dial-in tab for computer accounts in AD, then change to allow access.
It may be your NAS-Port-Type the setting for this on the latest IOS based 1200 AP is set to 16 I believe. In addition to this for Win 2003 IAS policy set up it puts that Nas-Port-type in automatically. You should remove this, that is comming right from Microsoft, it is known to cause problems. I hav ethe exact setup you are using except I am using XP clients. Also don't for get to set the EAP Client Timeout to something like 40 or so, this made all the difference in the world for me. It is under advanced security EAP authntication.
Transferring Crash file from standby:
Login to the Active WLC in HA.
(Cisco Controller) >transfer upload datatype crash
(Cisco Controller) >transfer upload filename <Desired filename>
(Cisco Controller) >transfer up...
This is the start of a display filter cross reference between Wireshark and OmniPeek.
The 1st installment is a table of advanced filters. More filters will be added as time allows.
It is a living doc, so check back for changes every so often
Please feel ...
I have created a Powershell script to automatically add a Wireless Guest User on Cisco WLCs. (tested on 2500 Series)
The script should be completely self explanatory.
Powershell SNMP Module (Install-Module -Name SNMP)
SNMP Write Access to...