Authentication Failure in Cisco Secure ACS v4.1

May 15th, 2008

Hi, I added a user in the Cisco Secure ACS and I am getting the following Authen-Failure-Code in Failed Attempts:

EAP-TLS or PEAP authentication failed during SSL handshake.


When I run Support in System Configuration > Support, I get the following in the auth.log:

AUTH 05/15/2008 16:55:40 I 0928 3320 AuthenProcessResponse: process response for 'FE:A3:C4:00:32:40'

AUTH 05/15/2008 16:55:40 E 0381 3320 EAP: TLS: ProcessResponse: SSL handshake failed, status = 3 (SSL send alert fatal:decode error)

AUTH 05/15/2008 16:55:40 E 0381 3320 EAP: TLS: ProcessResponse: SSL ext error reason: 87 (Ext error code = 0)

AUTH 05/15/2008 16:55:40 E 0381 3320 EAP: TLS: ProcessResponse(1519): mapped SSL error code (3) to -2120


Does anybody know what the issue could be? I was able to find info about 2120, but don't know what exactly this means, other than that the authentication failed:

UDB_EAP_TLS_HANDSHAKE_FAILED


Thank you,

Jutta


Jagdeep Gambhir Sat, 05/17/2008 - 05:13

Jutta,

SSL alert fatal:decode error: basically, that means the client has a problem with decoding the root certificate.


Please make sure that the client has the CA installed. If you are doing PEAP, uncheck validate server certificate in the wireless settings on the client.



Regards,

~JG


Do rate helpful posts
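
An added example (not part of either post, and not Cisco tooling): a small Python parser that ties each SSL handshake failure in auth.log to the identity it belongs to and to the ACS error code it was mapped to, using the four lines quoted in the question as constructed input. The field layout and the use of the second numeric field as a correlation key are assumptions inferred from those lines.

```python
import re

# Constructed input: the four auth.log lines quoted in the question.
SAMPLE_LOG = """\
AUTH 05/15/2008 16:55:40 I 0928 3320 AuthenProcessResponse: process response for 'FE:A3:C4:00:32:40'
AUTH 05/15/2008 16:55:40 E 0381 3320 EAP: TLS: ProcessResponse: SSL handshake failed, status = 3 (SSL send alert fatal:decode error)
AUTH 05/15/2008 16:55:40 E 0381 3320 EAP: TLS: ProcessResponse: SSL ext error reason: 87 (Ext error code = 0)
AUTH 05/15/2008 16:55:40 E 0381 3320 EAP: TLS: ProcessResponse(1519): mapped SSL error code (3) to -2120
"""

# Assumed layout: service, date, time, severity, two numeric fields, message.
# Assumption: the second numeric field (3320 above) is shared by related lines.
LINE_RE = re.compile(r"^(\w+) (\S+) (\S+) ([A-Z]) (\d+) (\d+) (.*)$")
IDENTITY_RE = re.compile(r"process response for '([^']+)'")
ALERT_RE = re.compile(r"SSL handshake failed, status = (\d+) \(SSL (\w+) alert (\w+):([^)]+)\)")
MAPPED_RE = re.compile(r"mapped SSL error code \((\d+)\) to (-?\d+)")
# Name for code 2120 as given in the question.
ACS_CODE_NAMES = {-2120: "UDB_EAP_TLS_HANDSHAKE_FAILED"}


def summarize_failures(log_text):
    """Return one record per failed EAP-TLS/PEAP handshake, with its identity."""
    identity = {}   # correlation key -> identity last seen on that key
    pending = {}    # correlation key -> failure record awaiting its ACS code
    failures = []
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # blank or unrecognised line
        _svc, date, time, _sev, _num, key, msg = line.groups()
        if (m := IDENTITY_RE.search(msg)):
            identity[key] = m.group(1)
            pending.pop(key, None)  # a new exchange starts on this key
        elif (m := ALERT_RE.search(msg)):
            rec = {"when": f"{date} {time}", "identity": identity.get(key),
                   "status": int(m.group(1)), "direction": m.group(2),
                   "level": m.group(3), "alert": m.group(4).strip(),
                   "acs_code": None, "acs_name": None}
            failures.append(rec)
            pending[key] = rec
        elif (m := MAPPED_RE.search(msg)) and key in pending:
            code = int(m.group(2))
            pending.pop(key).update(acs_code=code, acs_name=ACS_CODE_NAMES.get(code))
    return failures


if __name__ == "__main__":
    for failure in summarize_failures(SAMPLE_LOG):
        print(failure)
```

Run over a full auth.log, the output groups failures by identity and alert text, which shows whether one client or every client is hitting the same handshake error.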
