2006 WLC - Radius\Active Directory Authentication

Discussion in 'Cisco' started by Bruzer79@gmail.com, Jun 1, 2006.

  1. Guest

    Hi -

    I am having an issue with a Cisco 2006 WLC. Here's the setup:

    1 Cisco 2006 Wireless Lan Controller
    4 Aironet 1131AG Access Points

    There are two WLANs, a private LAN (WLAN ID 1) and a public LAN (WLAN ID
    2)

    I use a Windows 2003 Server running IAS as a RADIUS server.

    WLAN 1 (Private) Set to WPA\TKIP - using PEAP. The radius server checks
    Active Directory for membership to a group before granting access, so
    long as you have the right Certificate.

    This works fine, all day long.

    WLAN 2 (Public) Set to no security\open. It is set to use Web
    Authentication. (You know, like browsing inside a Starbucks etc.
    Automatically connect to the AP, but traffic is redirected to a Web
    Based log in before actually passing)

    When I attempt to authenticate with the same user account that worked
    for the private wireless network (currently, they work on the same
    remote access policy on the radius server) I am repeatedly
    unsuccessful.

    However, if I specify a Local Net User (Local to the WLC) Web
    Authentication works fine.

    The bottom line here is:

    I need Web Based Authentication to work against Active Directory.

    I've followed the Configuration Example on Cisco.Com, but this
    environment varies slightly. In that example, ACS is used as the RADIUS
    server, whereas I want to use a Windows 2003 server running IAS.

    Any thoughts, comments, etc?

    Much appreciated.
    , Jun 1, 2006
    #1

  2. So you're having problems authenticating webauth clients to IAS eh?

    I guess I would telnet/ssh/console into the WLC, then turn on
    "debug aaa all enable", then have a client try to webauth to IAS,
    and see what happens.

    Also get the IAS log (however you do that.)

    Regards,

    Aaron

    ---

    ~ Hi -
    ~
    ~ I am having an issue with a Cisco 2006 WLC. Here's the setup:
    ~
    ~ 1 Cisco 2006 Wireless Lan Controller
    ~ 4 Aironet 1131AG Access Points
    ~
    ~ There are two WLANs, a private LAN (WLAN ID 1) and a public LAN (WLAN ID
    ~ 2)
    ~
    ~ I use a Windows 2003 Server running IAS as a RADIUS server.
    ~
    ~ WLAN 1 (Private) Set to WPA\TKIP - using PEAP. The radius server checks
    ~ Active Directory for membership to a group before granting access, so
    ~ long as you have the right Certificate.
    ~
    ~ This works fine, all day long.
    ~
    ~ WLAN 2 (Public) Set to no security\open. It is set to use Web
    ~ Authentication. (You know, like browsing inside a Starbucks etc.
    ~ Automatically connect to the AP, but traffic is redirected to a Web
    ~ Based log in before actually passing)
    ~
    ~ When I attempt to authenticate with the same user account that worked
    ~ for the private wireless network (currently, they work on the same
    ~ remote access policy on the radius server) I am repeatedly
    ~ unsuccessful.
    ~
    ~ However, if I specify a Local Net User (Local to the WLC) Web
    ~ Authentication works fine.
    ~
    ~ The bottom line here is:
    ~
    ~ I need Web Based Authentication to work against Active Directory.
    ~
    ~ I've followed the Configuration Example on Cisco.Com, but this
    ~ environment varies slightly. In that example, ACS is used as the RADIUS
    ~ server, whereas I want to use a Windows 2003 server running IAS.
    ~
    ~ Any thoughts, comments, etc?
    ~
    ~ Much appreciated.
    Aaron Leonard, Jun 2, 2006
    #2
