"External user not found" with EAP-TLS

Unanswered Question
Jun 26th, 2008

Hi Guys,

I have a problem with EAP-TLS. I have an environment with AP 1121, ACS 4.2(0) Build 124 Trial, AD Replication, Enterprise CA Server, and a Windows XP client with a certificate installed. Wireless authentication types: PEAP, EAP-TLS.

Problem: A user on AD can authenticate with PEAP successfully but cannot authenticate with EAP-TLS.

The failure code in the ACS log says Authen-Failure-Code "External user not found".

Can you help me by explaining the problem?

Scott Fella Thu, 06/26/2008 - 03:42

Make sure ACS is configured for EAP-TLS. Also look over the configuration of the policy in ACS for the user group. Is that all the logs say in ACS? What does the WLC log show? You can run a debug aaa all and see what actually fails.

http://www.cisco.com/en/US/docs/wireless/controller/4.1/command/reference/clic1.html#wp3494693

udom_boon Thu, 06/26/2008 - 05:37

I created a local ACS user the same as the one in AD, and wireless can authenticate with EAP-TLS successfully.

I mapped the group on AD the same as the local ACS user.

I do not use a WLC. I use the autonomous solution.

fburejsza Wed, 07/09/2008 - 14:45

When I had this problem it was because ACS could not find the AD domain controller. The domain controller could not be found because the DNS servers were incorrectly specified in the IP setup.

You should be able to ping the domain by partial and fully qualified domain name. If you can't, then something, like DNS, needs to be fixed.

i.e. ping domain or ping domain.dmnRoot.net

Posted June 26, 2008 at 1:54 AM