Machine authentication and MAR not working.

Oct 2nd, 2008

Hi, I'm using ACS 4.1.23 with MS AD for authentication in a wireless network environment. Users connect to one of the SSIDs (Suppliers and Employees) and, based on group authorization in AD, are allowed access. The SSID for the Employees network has an additional policy: only hosts registered in AD are allowed. For authentication, the standard MS supplicant is used, configured with PEAP-MSCHAPv2.

According to the Cisco documentation, ACS supports Machine Authentication and, in combination with MAR, it is possible to require an authenticated host before user authentication.

BUT, it doesn't work. I do see successful host and user authentication, but the MAR policy doesn't kick in when a user authenticates without host authentication. I was able to turn on debug logging for the CSAuth service, giving me the extra information in the AUTH.log.

I have no clue what is missing or how to troubleshoot from this point on.

Has anyone got this setup working, or can anyone help me a step further?

mvengelen Fri, 10/10/2008 - 08:10

Found it!

Within the MAR configuration, the "host/" definition is required for ACS to identify hosts.

ACS has the worst GUI of all software I know of ... :-(
