I'm currently trying to get EAP-TLS working in a lab with machine and client authentication. I have
Laptop -> Aironet AP -> ACS 4.2 -> AD + CA
I have configured autoenrollment of client and machine certificates, which is working fine and have issued a server certificate to the ACS server. Now the problem I have is when using the "Enable machine access restrictions". When I click this option I get the error "External DB user access denied (Machine Access Restriction)". If I do not have this option chosen I can successfully authenticate using EAP-TLS. I have checked some documentation regarding this error and the resolution seems to be "Ensure NAR configured".
Does anyone know what this error is pointing to?