9 - 48 WiNG 5.6 Access Point System Reference Guide
6. Set the following Authentication parameters to define server policy authorization settings.
7. If using LDAP as the default authentication source, select + Add Row to set LDAP Agent settings.
When a user's credentials are stored on an external LDAP server, the controller or service platform’s local RADIUS server
cannot successfully conduct PEAP-MSCHAPv2 authentication, since it is not aware of the user’s credentials maintained on
Local Realm Define the LDAP Realm performing authentication using information from an
LDAP server. User information includes user name, password, and the groups to
which the user belongs.
Default Source Select the RADIUS resource for user authentication with this server policy.
Options include Local for the local user database or LDAP for a remote LDAP
resource. The default setting is Local
Default FallBack Select this option to indicate that fall back from RADIUS to local is enabled incase
RADIUS authentication is not available for any reason. This option is only enabled
when LDAP is selected as the Default Source.
Use the Add Row button to add fallback sources into the Sources table. Provide
the following information:
• Source – Select the type of fallback. Select from LDAP or Local
• Fallback – Select to enable fallback on this record.
• SSID – Enter the SSID to fall back on.
• Precedence – Use the spinner to select the precedence for selection of
fallback.
Authentication Type Use the drop-down menu to select the EAP authentication scheme for local and
LDAP authentication. The following EAP authentication types are supported:
• All – Enables all authentication schemes.
• TLS - Uses TLS as the EAP type
• TTLS and MD5 - The EAP type is TTLS, with default authentication using MD5.
• TTLS and PAP - The EAP type is TTLS, with default authentication using PAP.
• TTLS and MSCHAPv2 - The EAP type is TTLS, with default authentication using
MSCHAPv2.
• PEAP and GTC - The EAP type is PEAP, with default authentication using GTC.
• PEAP and MSCHAPv2 - The EAP type is PEAP with default authentication using
MSCHAPv2. However, when user credentials are stored on an LDAP server, the
RADIUS server cannot conduct PEAP-MSCHAPv2 authentication on its own, as
it is not aware of the password. Use LDAP agent settings to locally
authenticate the user. Additionally, an authentication utility (such as Samba)
must be used to authenticate the user. Samba is an open source software used
to share services between Windows and Linux machine.
Do Not Verify Username Only enabled when TLS is selected in Authentication Type. When selected, user
name is not matched but the certificate expiry is checked.
Enable CRL Validation Select this option to enable a Certificate Revocation List (CRL) check. Certificates
can be checked and revoked for a number of reasons, including the failure or
compromise of a device using a certificate, a compromise of a certificate key pair
or errors within an issued certificate. This option is disabled by default.
To Next Page
Loading...
