Hi,

You are right, this will never work, since web authentication via LDAP is not supported before 5.x releases (in the GUI you can verify that there is no option to choose the web auth priority order, which can be done in later WLC versions).

See the WLC 5.0.148.0 release notes for more information:
http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn501480.html

New Guest Access Features
[...]
* LDAP support - In controller software release 5.0.148.0, the controller supports web authentication using LDAP.

Regarding the certificates: you can import any certificate for the local computer account using the management console and the certificate snap-in. So if you take care of using the proper hostname for the certificate, it should work via openssl. But to be honest ... I have never tried it :)

Regards
Stefan

From: [email protected] [mailto:[email protected]] On Behalf Of Raul Manzano
Sent: Sunday, 09 January 2011 13:36
To: [email protected]
Subject: [CCIE Wireless] Web authentication using LDAP in 4.2 version - Computer certificates

Hi guys.

Finalizing the preparation for my first attempt at the lab, I found a problem using LDAP for the authentication of my guest clients using a webauth method. In fact the problem is that I can't see any attempts to ask the LDAP database from the WLC, and I'm starting to wonder whether this authentication method is supported in this software version.

The LDAP database is a Windows AD.
WLC version 4.2

I applied the following document and, although the version used is 5.1, I supposed that it really should work.
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a03e09.shtml

Any idea? This afternoon I hope to capture the output of the WLC "debug aaa all enable", but I can say in advance that it shows nothing.

About computer certificates: is there any way to issue a computer certificate for a non-domain computer through Microsoft CA? Using the web GUI there is no possibility; the only way is using autoenrollment when the computer belongs to the domain. Another possibility (not used yet, but tomorrow I will try it) could be using openssl as Cisco explains in this document.
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml

What do you think, guys?

Thanks.
Best Regards.
