Mike, Unfortunately, I do not have a suggestion, but just a caution. I do not know the size of your organization, but be aware that Microsoft AD groups with more than 1500 members cannot be queried properly with generic LDAP. You will only get the first 1500 members.
In my experience here at Liberty University, OpenLDAP & Cisco ACS 4 (& I expect, 5) will not work. We are moving to using Microsoft NOS server on Server 2008R2 for RADIUS. According to the standard, LDAP extensions are supposed to be optional. In this case, Microsoft makes the extension mandatory. Bruce Osborne Liberty University From: Williams, Mr. Michael [mailto:[email protected]] Sent: Friday, January 21, 2011 10:56 AM Subject: Link LDAP groups to Separate SSIDs for Authentication All, I have been trying to figure this out but have been unable to find a solution. Here is what we are trying to do. 1 wireless SSID that is open network which uses a web portal for authentication- this would be the student network 1 wireless SSID that using 802.1x w/WPA and a splash page -this would be used for Fac/Staff Is it possible to link the Student SSID to only the Student group in LDAP and the Fac/Staff SSID to only the Fac/Staff using LDAP? We need want to keep the Fac/Staff folks from using the open network. Does anyone have a similar requirements. We have a Cisco ACS that is linked to LDAP/AD, a WISM and WCS. v/r Mike Michael M. Williams Network Systems Analyst Information Technology Services Tarleton State University Information Technology Services staff will never ask for your password in an email. Don't ever email your password to anyone or share confidential information in emails. Confidentiality Notice: This electronic message, including any attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
