EAP-TLS machine auth - no AD

Unanswered Question
Mar 13th, 2008

Hi, I have a test environment with Lightweight Access Points, a 4404 WLC, ACS v4.0, a stand-alone CA and XP wireless clients. Can I get EAP-TLS with machine authentication (certificate-based) without requiring an external AD database?

I am getting authentication traffic between the wireless client and the ACS, but currently I get an authentication failure code in the ACS log saying "external DB not available".

Scott Fella Thu, 03/13/2008 - 17:39

Did you load the certificate on the machines first? If you are using username and password, then you can set that up in ACS. Do you have ACS set up for an external DB and not the local DB?

fieus Mon, 04/28/2008 - 06:06

I'm trying to do the same thing without success.

WLC 4404, ACS v3.3, enterprise CA and XP SP2 wireless clients.

I configured the System Conf -> Global Auth Setup for EAP-TLS with SAN/CN/Binary comparison, but then the ACS log complains about "external DB not available".

http://www.cisco.com.ru/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs32/user/o.htm talks about "EAP Authentication Protocol and User Database Compatibility" in Table 1.3. From my point of view, EAP-TLS should be configurable using the internal ACS DB.

Thanks for your support!
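
The three comparison modes named above (SAN, CN and binary) applied against a purely local user store, as an added Go example that is not from this thread or from Cisco ACS: it shows that certificate-to-user mapping needs nothing beyond the server's own records. The LocalUser record, the mode strings and the MakeTestCert helper are constructed for illustration and are not ACS's real schema or behaviour.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// LocalUser is a constructed stand-in for a record in the server's internal user database (not ACS's real schema); CertDER is only needed for binary comparison.
type LocalUser struct {
	Name    string
	CertDER []byte
}

// MatchCertificate maps a presented certificate to a local user under one of the three
// comparison modes ("cn", "san", "binary"); nil means no record matched. No external directory is consulted.
func MatchCertificate(cert *x509.Certificate, mode string, users []LocalUser) *LocalUser {
	for i, u := range users {
		var ok bool
		switch mode {
		case "cn": // subject Common Name equals the user name
			ok = cert.Subject.CommonName == u.Name
		case "san": // a dNSName SAN equals the user name; Go does not decode the Windows UPN otherName
			for _, n := range cert.DNSNames { ok = ok || n == u.Name }
		case "binary": // presented DER bytes equal the certificate stored with the user record
			ok = len(u.CertDER) > 0 && bytes.Equal(cert.Raw, u.CertDER)
		}
		if ok {
			return &users[i]
		}
	}
	return nil
}

// MakeTestCert builds a self-signed machine certificate as constructed input for the example.
func MakeTestCert(cn, san string) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		DNSNames: []string{san}, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil { return nil, err }
	return x509.ParseCertificate(der)
}
```

In binary mode a user record with no stored certificate never matches, which is the case to check when the log reports a lookup failure rather than a certificate validation failure.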


taelon_x7 Wed, 05/14/2008 - 11:35

Sounds like you have ACS configured to check an external database if the user authentication fails.
