New Member

WLC integration with LDAP (Active Directory)

Hi all, I would like to integrate Active Directory with the wireless controller. Can anyone help me with how I can do this? What will be the settings for the users' laptops? PEAP or LEAP?

9 REPLIES
New Member

Re: WLC integration with LDAP (Active Directory)

According to our SE, integration w/ Active Directory via LDAP is currently not supported.

It had something to do w/ how the password is wrapped...can't remember the details now.

We use ACS for AAA via RADIUS so it's not a problem for us.

If you have MS IAS that can support RADIUS then maybe that'll work.

New Member

Re: WLC integration with LDAP (Active Directory)

I should've clarified... WLC supports Microsoft AD via LDAP, but only for EAP-FAST and EAP-TLS.

If you plan on using it for PEAP, it won't work.

I'm told a new maintenance release will be out in June.

Maybe the limitation will be removed then.

Open a TAC case or check w/ your SE to make sure my info is up to date.

New Member

Re: WLC integration with LDAP (Active Directory)

Thanks for your help. Could you please let me know: if I integrate the WLC with AD directly, what would the configuration be for a Windows PC? I mean, like how we configure PEAP for a Windows wireless client.

Thanks

Silver

Re: WLC integration with LDAP (Active Directory)

PEAP + AD + Local EAP on controllers = not work.

PEAP + AD + controllers + RADIUS server = work just fine.

New Member

Re: WLC integration with LDAP (Active Directory)

I don't understand. What would the configuration be on Windows client PCs/laptops if I integrate the WLC with AD? Any idea?

Silver

Re: WLC integration with LDAP (Active Directory)

What settings, specifically, are you unsure about?

New Member

Re: WLC integration with LDAP (Active Directory)

What I mean is, if I integrate the WLC with AD directly, without ACS, what should the settings be on the Windows clients' laptops? For example, for PEAP there is an option to select PEAP and then MSCHAPv2 settings on client laptops.

I hope you got my point.

Silver

Re: WLC integration with LDAP (Active Directory)

Here's what Cisco says about supported EAP methods for a Local EAP solution:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Local EAP can use an LDAP server as its backend database to retrieve user credentials.

An LDAP backend database allows the controller to query an LDAP server for the credentials (username and password) of a particular user. These credentials are then used to authenticate the user.

The LDAP backend database supports these Local EAP methods:

EAP-FAST/GTC

EAP-TLS

PEAPv1/GTC.

LEAP, EAP-FAST/MSCHAPv2, and PEAPv0/MSCHAPv2 are also supported, but only if the LDAP server is set up to return a clear-text password. For example, Microsoft Active Directory is not supported because it does not return a clear-text password. If the LDAP server cannot be configured to return a clear-text password, LEAP, EAP-FAST/MSCHAPv2, and PEAPv0/MSCHAPv2 are not supported.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

GTC is not supported by default on Windows systems, so you would have to install a third-party wireless client such as Cisco CSSC.
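Added example, not part of the thread or of Cisco's documentation: a toy model of why the quoted text ties the MSCHAPv2-based methods to a clear-text password while the GTC methods work without one. The `Directory` class, the user data and the HMAC-SHA256 response function are constructed stand-ins (the response is not the real MSCHAPv2 computation), and treating the backend as "can check a password but never returns it" is an assumption used to model Active Directory here.

```python
import hashlib
import hmac
import os


def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Directory:
    """Constructed stand-in for an LDAP backend. returns_cleartext=False
    models a directory that can check a password but never hands it back."""

    def __init__(self, returns_cleartext: bool):
        self.returns_cleartext = returns_cleartext
        self._users = {}

    def add_user(self, name: str, password: str) -> None:
        salt = os.urandom(16)
        kept = password if self.returns_cleartext else None
        self._users[name] = (salt, _kdf(password, salt), kept)

    def check_password(self, name: str, candidate: str) -> bool:
        salt, digest, _ = self._users[name]
        return hmac.compare_digest(digest, _kdf(candidate, salt))

    def fetch_cleartext(self, name: str):
        return self._users[name][2]


def verify_gtc(directory: Directory, name: str, tunneled_password: str) -> bool:
    # GTC-style inner method: the client sends the password itself inside
    # the tunnel, so the backend only has to check it.
    return directory.check_password(name, tunneled_password)


def client_response(password: str, challenge: bytes) -> bytes:
    # Stand-in challenge-response (HMAC-SHA256), not the MSCHAPv2 algorithm.
    return hmac.new(password.encode(), challenge, hashlib.sha256).digest()


def verify_challenge_response(directory, name, challenge, response):
    # The password never crosses the wire, so the verifier must recompute
    # the expected response from a secret it retrieves from the backend.
    secret = directory.fetch_cleartext(name)
    if secret is None:
        return None  # method cannot be used with this backend
    return hmac.compare_digest(client_response(secret, challenge), response)
```

A `None` result from `verify_challenge_response` corresponds to the "not supported" case in the quoted text, as opposed to `False` for a wrong password.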
