I'm re-posting something that was on a Cisco forum (by someone else),
but is basically the same situation we're in. I've bolded my
additions.

====
I've been asked to set up a WLC with the Corporate WLAN connecting to
Novell eDirectory using PEAP. There is currently no RADIUS server and
the customer would like to get away without using one if possible. The
setup would be as follows:

LAPTOP -----> AP -----> WLC -----> eDirectory

I'm performing an authenticated LDAP bind to eDirectory. When using
PEAP GTC (Cisco Aironet Wireless card/utility - *or Intel ProSet*) I can
get everything to work without any problems. The problem is that GTC
isn't supported *directly* on Windows XP/7, I'd need some kind of
third-party supplicant which the customer isn't really interested in. *Plus
the Intel/Proset drivers are non-OEM and have not behaved 100% on a
couple test laptops.*


The design I have been given has therefore been changed to use PEAP
MSCHAPV2 instead. The designer has pointed out that in the WLC config
guide it says:



Configuring LDAP


This section explains how to configure a Lightweight Directory Access
Protocol (LDAP) server as a backend database, similar to a RADIUS or
local user database. An LDAP backend database allows the controller to
query an LDAP server for the credentials (username and password) of a
particular user. These credentials are then used to authenticate the
user. For example, local EAP may use an LDAP server as its backend
database to retrieve user credentials. See the "Configuring Local EAP"
section for more information.


Note: The LDAP backend database supports these local EAP methods:
EAP-TLS, EAP-FAST/GTC, and PEAPv1/GTC. LEAP, EAP-FAST/MSCHAPv2, and
PEAPv0/MSCHAPv2 are also supported but only if the LDAP server is set up
to return a clear-text password.

THE RETURNING CLEAR TEXT IS THE KEY ISSUE HERE I BELIEVE - IS THIS
POSSIBLE?



So, in eDirectory I unchecked "Require TLS for simple bind" and
refreshed the NLDAP Server which I believe enables the server to return
a clear-text password. I still can't get PEAP with MSCHAPv2 to work
though.

========== End of re-post


If this cannot be done, is there another way we can approach this? Not sure
what a RADIUS server is and I've seen other refs/threads to FreeRADIUS.

Any help will be appreciated. Thanks


--
bertschj
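
The note quoted from the WLC guide, as an added example that is not part of the original post and not Cisco or Novell code: a toy model of why a GTC-style method works against a directory that only accepts binds, while a challenge-response method such as MSCHAPv2 needs the backend to return the password. The `Directory` class, the sample account and the HMAC-SHA256 response (a stand-in for the real MD4/DES NT-Response of RFC 2759) are assumptions.

```python
import hashlib
import hmac
import os


class Directory:
    """Constructed stand-in for an LDAP backend (hypothetical, for illustration)."""

    def __init__(self, users, returns_cleartext):
        self._users = users  # username -> password, constructed sample data
        self.returns_cleartext = returns_cleartext

    def bind(self, user, password):
        """Authenticated bind: the directory compares; nothing is disclosed."""
        stored = self._users.get(user)
        return stored is not None and hmac.compare_digest(
            stored.encode(), password.encode())

    def fetch_password(self, user):
        """Return the stored password, or None when it is not disclosed."""
        return self._users.get(user) if self.returns_cleartext else None


def response(password, challenge):
    # Stand-in for the MSCHAPv2 NT-Response; only the data flow matters here.
    return hmac.new(password.encode(), challenge, hashlib.sha256).digest()


def auth_gtc(directory, user, password):
    """GTC-style: the password itself arrives inside the PEAP tunnel."""
    return directory.bind(user, password)


def auth_challenge(directory, user, challenge, peer_response):
    """MSCHAPv2-style: only a response arrives, so the secret must be fetched."""
    secret = directory.fetch_password(user)
    if secret is None:
        return False  # nothing to recompute the expected response from
    return hmac.compare_digest(response(secret, challenge), peer_response)


def demo():
    users = {"jdoe": "S3cret-pass"}  # constructed sample account
    challenge = os.urandom(16)
    peer = response("S3cret-pass", challenge)  # what the supplicant would send
    results = {}
    for label, flag in (("bind_only", False), ("cleartext", True)):
        d = Directory(users, returns_cleartext=flag)
        results[label] = (auth_gtc(d, "jdoe", "S3cret-pass"),
                          auth_challenge(d, "jdoe", challenge, peer))
    return results


if __name__ == "__main__":
    print(demo())
```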