We deployed ACS 4.0 (NOT ACS SE) and WLAN in our corporate network.
Our ultimate goal is to have each staff member authenticated against our AD via ACS.
We managed to get PEAP working successfully, but failed with EAP-TLS.
From the log we noticed that when PEAP is used, ACS forwards the username to AD in domain-qualified format (domain\user), and authentication is successful.
When EAP-TLS is used, ACS forwards the username to AD in UPN format ([email protected]), ACS received "cannot get user account controler for [email protected]" from the Windows database, and authentication failed. Any workaround for this?
Can anyone throw some light here?