9 - 38 WiNG 5.5 Access Point System Reference Guide
7. If using LDAP as the default authentication source, select + Add Row to set LDAP Agent settings.
When a user's credentials are stored on an external LDAP server, the controller or service platform’s local RADIUS server
cannot successfully conduct PEAP-MSCHAPv2 authentication, since it is not aware of the user’s credentials maintained on
the external LDAP server resource. Therefore, up to two LDAP agents can be provided locally so remote LDAP authentication
can be successfully accomplished on the remote LDAP resource using credentials maintained locally.
Authentication Type Use the drop-down menu to select the EAP authentication scheme for local and
LDAP authentication. The following EAP authentication types are supported:
• All – Enables all authentication schemes.
• TLS - Uses TLS as the EAP type
• TTLS and MD5 - The EAP type is TTLS, with default authentication using MD5.
• TTLS and PAP - The EAP type is TTLS, with default authentication using PAP.
• TTLS and MSCHAPv2 - The EAP type is TTLS, with default authentication using
MSCHAPv2.
• PEAP and GTC - The EAP type is PEAP, with default authentication using GTC.
• PEAP and MSCHAPv2 - The EAP type is PEAP with default authentication using
MSCHAPv2. However, when user credentials are stored on an LDAP server, the
RADIUS server cannot conduct PEAP-MSCHAPv2 authentication on its own, as
it is not aware of the password. Use LDAP agent settings to locally
authenticate the user. Additionally, an authentication utility (such as Samba)
must be used to authenticate the user. Samba is an open source software used
to share services between Windows and Linux machine.
Do Not Verify Username Only enabled when TLS is selected in Authentication Type. When selected, user
name is not matched but the certificate expiry is checked.
Enable CRL Validation Select this option to enable a Certificate Revocation List (CRL) check. Certificates
can be checked and revoked for a number of reasons, including the failure or
compromise of a device using a certificate, a compromise of a certificate key pair
or errors within an issued certificate. This option is disabled by default.
Username Enter a128 character maximum username for the LDAP server’s domain administrator.
This is the username defined on the LDAP server for RADIUS authentication requests.
Password Enter and confirm the 32 character maximum password (for the username provided
above). The successful verification of the password maintained on the controller or
service platform enables PEAP-MSCHAPv2 authentication using the remote LDAP
server resource.
Retry Timeout Set the number of Seconds (60 - 300) or Minutes (1 - 5) to wait between LDAP server
access requests when attempting to join the remote LDAP server’s domain. The default
settings is one minute.
Redundancy Define the Primary or Secondary LDAP agent configuration used to connect to the
LDAP server domain.
Domain Name Enter the name of the domain (from 1 - 127 characters) to which the LDAP server
resource belongs.
To Next Page
Loading...
