"External user not found" with EAP-TLS

Unanswered Question
Jun 26th, 2008
User Badges:

Hi Guys,

I have problem for EAP-TLS.I have environment with AP 1121,ACS 4.2(0) Build 124 Trial,AD Replication,Enterprise CA Server,Client Windows XP install Certificate. Wireless Authecation type PEAP,EAP-TLS

Problem: User on AD can authentication PEAP Susscess but cannot authen EAP-TLS

failure code on ACS log saying Authen-Failure-Code "External user not found"

can you help me to explain the problem

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Scott Fella Thu, 06/26/2008 - 03:42
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Make sure ACS is configured for EAP-TLS. Also look over the configuration on the policy n ACS for the user group. Is that all the logs sya's in ACS? What does the WLC log show? You can run a debug aaa all and see what actually fails.


udom_boon Thu, 06/26/2008 - 05:37
User Badges:

I create local ACS user same AD Wireless can authen EAP-TLS Susscess.

I mapping group on AD same local ACS user.

I not user WLC.I user autonomous solution.

fburejsza Wed, 07/09/2008 - 14:45
User Badges:

When I had this problem it was because ACS could not find the AD domain controller. The domain controller could not be found be cause the DNS servers were incorrectly specified in the IP setup.

You should be able to ping the domain by partial and fully quoalified doman name. If you can't then something, like DNS, needs to be fixed.

ie. ping domain or ping domain.dmnRoot.net


This Discussion



Trending Topics - Security & Network