
Authentication Protocols using openLDAP

efelipe_
New Contributor

Authentication Protocols using openLDAP

I'm trying to configure the IC-4500 as an 802.1X RADIUS server against OpenLDAP. Users have Fedora's supplicant.

I think the best authentication protocol is EAP-TTLS with PAP, but I'm not sure about the certificate requirements I need.

I think I only need to establish a tunnel between the supplicant and the IC:

- On the IC 4500: server certificate and root CA certificate.

- On the supplicants: root CA certificate.

Do you think that is correct? Is there a better way?

Best regards,

EF

5 REPLIES
Raveen_
Regular Contributor

Re: Authentication Protocols using openLDAP

Yes, your understanding is correct!

You need to have the root CA and server certificate installed in the IC appliance.

And the trusted server CA should be installed on the supplicant machine.

Regards,

Raveen

efelipe_
New Contributor

Re: Authentication Protocols using openLDAP

Is it possible to use EAP-TTLS with Cisco L2 switches?

I am monitoring traffic between the Cisco switch and the IC and I see nothing. Before, I had this configuration for IAS on the switch and it worked well:

interface FastEthernet0/1
 description "USER"
 switchport mode access
 dot1x port-control auto
 spanning-tree portfast

Regards,

EF

Raveen_
Regular Contributor

Re: Authentication Protocols using openLDAP

Have you configured the IC as a RADIUS server?

You may check the IP address and port number configured.

Please attach the switch running configuration.

efelipe_
New Contributor

Re: Authentication Protocols using openLDAP

Yes, I think the IC-4500 is configured as RADIUS, because before I changed the IAS for the IC and it works fine (using MS-CHAP).

But now I need to use the IC for Linux users in LDAP... this is the reason to use EAP-TTLS with PAP.

See the configuration attached.

Thank you.

EF

efelipe_
New Contributor

Re: Authentication Protocols using openLDAP

OK, now it's working... it wasn't a problem with the switch configuration.

The problem is in the supplicant: it can't validate the server certificate. For the moment I solved the problem by not validating the server certificate in the supplicant.

Best regards,

EF
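
The setup discussed in this thread with server validation kept on, as an added example that is not part of the original posts: a wired wpa_supplicant profile for EAP-TTLS/PAP that pins the root CA and the server name. The file paths, the identity and the server name ic.example.org are placeholders and assumptions, not values from the thread.

```conf
# Wired 802.1X profile for wpa_supplicant (file location is an assumption,
# e.g. /etc/wpa_supplicant/wpa_supplicant-wired.conf).
ctrl_interface=/var/run/wpa_supplicant
ap_scan=0                      # wired port: no scanning or association

network={
    key_mgmt=IEEE8021X
    eapol_flags=0              # no dynamic WEP keys on a wired port

    # Outer method: TLS tunnel to the RADIUS server (the IC appliance).
    eap=TTLS
    # Inner method: PAP, so the server can check the password against LDAP.
    phase2="auth=PAP"

    # Outer identity travels in clear before the tunnel is up.
    anonymous_identity="anonymous"
    # Inner identity and password are the LDAP credentials (placeholders).
    identity="jdoe"
    password="CHANGE_ME"

    # Server validation.
    # With ca_cert omitted, wpa_supplicant does not verify the server
    # certificate at all, and PAP then hands the clear-text LDAP password
    # to whichever server terminated the tunnel.
    # ca_cert must be the root CA that issued the appliance's server
    # certificate, PEM encoded (placeholder path).
    ca_cert="/etc/pki/tls/certs/radius-root-ca.pem"

    # Also require the server certificate to carry this DNS name
    # (dNSName SAN), so another certificate from the same CA is rejected.
    # Placeholder name; use the name in the appliance's certificate.
    domain_suffix_match="ic.example.org"
}
```

Start it with `wpa_supplicant -D wired -i <interface> -c <file> -d`; the debug output names the certificate check that fails, which helps when the supplicant rejects the server certificate.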