Белая книга для Cisco Cisco 2106 Wireless LAN Controller
Configure Unified Wireless Network for Authentication Against Novell's eDirectory Database - Cisco Systems
http://kbase/paws/servlet/ViewFile/112137/novell-edirectory-00.xml?convertPaths=1#related[10/7/2010 11:21:40 AM]
|
Contents
Related Documents
Related
Products/Technology
•
•
•
•
•
•
•
•
•
•
Related Discussion
•
•
•
•
•
Products & Services
Configure Unified Wireless Network for Authentication Against
Novell's eDirectory Database
Document ID: 112137
Introduction
In the K-12 education space, there has been an increasing need to authenticate wireless users via accounts created
within Novell's eDirectory. Due to the distributed nature of the K-12 environment, the individual schools may not
have the resources to place a RADIUS server at every site nor do they desire the additional overhead of configuring
these RADIUS servers. The only way to accomplish this is by using LDAP to communicate between the Wireless
LAN Controller (WLC) and an LDAP server. Cisco Wireless LAN Controllers support Local EAP authentication
against external LDAP databases such as Microsoft Active Directory. This white paper documents a Cisco WLC
configured for Local EAP Authentication against Novell's eDirectory enabled as a full-featured LDAP server. One
caveat to note – the tested clients were using Cisco Aironet Desktop Utility to perform 802.1x authentication. Novell
currently does not support 802.1x with their client at this time. As a result, depending on the client, a two-stage login
process could occur. Note these references:
within Novell's eDirectory. Due to the distributed nature of the K-12 environment, the individual schools may not
have the resources to place a RADIUS server at every site nor do they desire the additional overhead of configuring
these RADIUS servers. The only way to accomplish this is by using LDAP to communicate between the Wireless
LAN Controller (WLC) and an LDAP server. Cisco Wireless LAN Controllers support Local EAP authentication
against external LDAP databases such as Microsoft Active Directory. This white paper documents a Cisco WLC
configured for Local EAP Authentication against Novell's eDirectory enabled as a full-featured LDAP server. One
caveat to note – the tested clients were using Cisco Aironet Desktop Utility to perform 802.1x authentication. Novell
currently does not support 802.1x with their client at this time. As a result, depending on the client, a two-stage login
process could occur. Note these references:
Novell 802.1x Statement
"Currently, they must log in twice. When the Novell Client is installed, a user must log in using the Workstation Only
check box on the initial login dialog to allow 802.1x user authentication when the desktop is initialized, and then they
must log in to the Novell network using the "red N" login utility. This is referred to as a two-stage login."
check box on the initial login dialog to allow 802.1x user authentication when the desktop is initialized, and then they
must log in to the Novell network using the "red N" login utility. This is referred to as a two-stage login."
An alternative to the "workstation only login" is to configure the Novell Client to use "Initial Novell Login=Off" in the
Advanced Login settings (the default is "Initial Novell Login=On"). For more information, refer to
Advanced Login settings (the default is "Initial Novell Login=On"). For more information, refer to
.
Third party clients such as Meetinghouse Aeigs Client (Cisco Secure Services Client) a Novell Technology Partner
may not require a double login. For more information, refer to
.
Another viable workaround for the Novell client is to have the machine (or user) authenticate (802.1x) to the WLAN prior to the Novell GINA being
executed.
executed.
Testing a solution for Single Sign On with the Novell client and 802.1x is beyond the scope of this white paper.
Tested Topology
Solution Tested
Cisco Wireless LAN Controller with 6.0.188.0 software
Cisco Aironet LWAPP AP 1242AG
Windows XP with Cisco Aironet Desktop Utility 4.4
Worldwide [
|
|
Search