Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Wireless authentication .... LDAP or Radius?

Greeting everyone

We have to setup a wireless infrastructure for a customer and we have the following requirement:

Authenticate users and their Corporate laptop against LDAP so basically if you bring your personnel laptop it won`t work cause it`s not part of the domain.

So the big question is Can we allow on AD devices to authenticate via LDAP or via RADIUS?

Thanks a lot for the help

3 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Super Silver

Re: Wireless authentication .... LDAP or Radius?

Here is a doc for IAS... on step 19, you would "ADD" another policy "Computer Group" or "Windows Group" and select your computer OU.  This is a nice step by step guide.

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080921f67.shtml#chap2

-Scott
*** Please rate helpful posts ***
Hall of Fame Super Silver

Re: Wireless authentication .... LDAP or Radius?

Hall of Fame Super Silver

Re: Wireless authentication .... LDAP or Radius?

Radius is the best way in my opinion. Guest users I would use the wlc for local login.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
10 REPLIES
Hall of Fame Super Silver

Re: Wireless authentication .... LDAP or Radius?

You can do both, but your better off using a raidus server and authenticating via machine authentication.  This way users can't just enter their AD credentials on their personal devices.  So as long as you have your computers joined to the domain, you will be able to authenticate using the computer group.

http://pcloadletter.co.uk/2011/07/11/cisco-wifi-active-directory-auth/

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0e4.shtml

-Scott
*** Please rate helpful posts ***
New Member

Wireless authentication .... LDAP or Radius?

Hi Scott Thanks for the answer so using ldap users can even use their personnal devices but they only have to enter their username and password !

Can you point me to a document on how to authenticate against Machines container using Radius and IAS

Thanks a lot Scott awesome answer

Hall of Fame Super Silver

Re: Wireless authentication .... LDAP or Radius?

Here is a doc for IAS... on step 19, you would "ADD" another policy "Computer Group" or "Windows Group" and select your computer OU.  This is a nice step by step guide.

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080921f67.shtml#chap2

-Scott
*** Please rate helpful posts ***
Hall of Fame Super Silver

Re: Wireless authentication .... LDAP or Radius?

New Member

Wireless authentication .... LDAP or Radius?

Awesome docs !

Thanks Scott

Hall of Fame Super Silver

Re: Wireless authentication .... LDAP or Radius?

No problem... Jut keep us posted if you run into any issues.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

Wireless authentication .... LDAP or Radius?

Scott thanks for your help

I`m actually going to use Radius since with LDAP integration it`s only available for Web authentication ...

Correct me if i`m wrong ?

Hall of Fame Super Silver

Re: Wireless authentication .... LDAP or Radius?

Radius is the best way in my opinion. Guest users I would use the wlc for local login.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

Wireless authentication .... LDAP or Radius?

Thanks Again for your answer Scott

So there is no direct intergration to LDAP for user authentication ... i guess RADIUS will be always my first choice then

Hall of Fame Super Silver

Wireless authentication .... LDAP or Radius?

If you really want to you can, but I personnaly won't do it that way.  Here is a link you might want to look at.

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a03e09.shtml

https://supportforums.cisco.com/thread/2055640

-Scott
*** Please rate helpful posts ***
1522
Views
20
Helpful
10
Replies