
Machine authentication and MAR not working.

mvengelen
Level 1

Hi, I'm using ACS 4.1.23 with MS AD for authentication in a wireless network environment. Users connect to one of the SSIDs (Suppliers and Employees) and are allowed access based on group authorization in AD. The SSID for the Employees network has an additional policy: only hosts registered in AD are allowed. For authentication, the standard MS supplicant is used, configured with PEAP-MSCHAPv2.

According to the Cisco documentation, ACS supports Machine Authentication, and in combination with MAR it is possible to require an authenticated host before user authentication.

BUT, it doesn't work. I do see successful host and user authentication, but the MAR policy doesn't kick in when a user authenticates without host authentication. I was able to turn on debug logging for the CSAuth service, giving me the extra information in the AUTH.log.

I have no clue what is missing or how to troubleshoot from this point on.

Has anyone got this setup working, or can anyone help me a step further?

1 Reply

mvengelen
Level 1

Found it!

Within the MAR configuration, the "host/" definition is required for ACS to identify hosts.

ACS has the worst GUI of all software I know of ... :-(
