I was trying to use ldap as an external db to authenticate users via dot1x. I am using peap with mschap. I get an error that mschap is not supported via ldap. I am assuming this is not possible, and the only option is TLS or GTC, but I do not think the built-in Windows supplicant supports PEAPv1 (or EAP-GTC). Does anyone know if this is correct, or how to get dot1x to authenticate via ldap without using certs or another dot1x supplicant? Thanks
_____

From: Dave Craddock [mailto:[email protected]]
Sent: Thursday, October 29, 2009 4:17 AM
To: Shawn H. Mesiatowsky; [email protected]
Subject: RE: [OSL | CCIE_Security] ACS 4.2 and ldap

I have had some issues when the users are in different containers within the ldap. But apart from that no problems

From: [email protected] [mailto:[email protected]] On Behalf Of Shawn H. Mesiatowsky
Sent: 29 October 2009 00:29
To: [email protected]
Subject: Re: [OSL | CCIE_Security] ACS 4.2 and ldap

That's awesome, it worked like a charm. Is there any downside to using ldap instead of the cisco remote agent? Just wondering if you have a link for a reference? I searched high and low for these values. I knew the ObjectClass, but had no idea what the ObjectType was. Thanks for your help Dave!

From: Dave Craddock [mailto:[email protected]]
Sent: Wednesday, October 28, 2009 5:07 PM
To: Shawn H. Mesiatowsky; [email protected]
Subject: RE: [OSL | CCIE_Security] ACS 4.2 and ldap

Hi Shawn

If it's the ldap attribs that you need

UserObjectType = sAMAccountName
UserObjectClass = person
GroupObjectType = cn
GroupObjectClass = group
Group Attribute = member

HTH
Dave

From: [email protected] [mailto:[email protected]] On Behalf Of Shawn H. Mesiatowsky
Sent: 28 October 2009 21:46
To: [email protected]
Subject: [OSL | CCIE_Security] ACS 4.2 and ldap

Does anyone know the value to configure acs to use ldap to authenticate against microsoft AD?
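
Added example, not part of the thread and not Cisco's code: the attribute mapping Dave lists, expressed as the LDAP search filters it would correspond to, with the supplicant-provided username escaped per RFC 4515 so it can only ever be a literal value. The filter layout, function names and sample account and group names are assumptions made for illustration.

```python
# Added example: the mapping values are copied from the thread; how ACS
# combines them into search filters is an assumption.
MAPPING = {
    "UserObjectType": "sAMAccountName",
    "UserObjectClass": "person",
    "GroupObjectType": "cn",
    "GroupObjectClass": "group",
    "GroupAttribute": "member",
}

# RFC 4515 section 3: characters that must be escaped in an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied string so it is only ever a literal value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def user_filter(username: str) -> str:
    """Filter that locates the account named by the supplicant."""
    return "(&(objectClass={})({}={}))".format(
        MAPPING["UserObjectClass"],
        MAPPING["UserObjectType"],
        escape_filter_value(username),
    )


def group_filter(group_name: str, user_dn: str) -> str:
    """Filter that matches only if user_dn is listed in the named group."""
    return "(&(objectClass={})({}={})({}={}))".format(
        MAPPING["GroupObjectClass"],
        MAPPING["GroupObjectType"],
        escape_filter_value(group_name),
        MAPPING["GroupAttribute"],
        escape_filter_value(user_dn),
    )


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    print(user_filter("jsmith"))
    print(user_filter("*)(objectClass=*"))  # metacharacters stay literal
    print(group_filter("Dot1x-Users", "CN=Smith\\, John,OU=Staff,DC=example,DC=com"))
```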
