I am trying to get eap-tls working on my wireless network, with machine authentication. I have followed the numerous configuration guides on CCO but seem to be running around in circles. So can someone please give me a sanity check.
MS CA (Windows 2008 Server)
MS DC (Windows 2003 Server)
ACS 4.2 (Windows 2003 Server)
WLC 4402 (5.2)
Client MS XP SP3
I have confirmed that the certficates are valid on both the ACS and client.
The problem I have is, I see the client associate, but fails authentication. I look in the ACS failed log attempts, I see:
13/07/2009 11:19:17 Authen failed host/e26458.internal.company Default Group 00-12-F0-82-77-2D (Default) External user not found .. .. 1 10.10.10.100 .. .. 13 EAP-TLS .. TWLC01 CITY
I have configured ACS for Unkown User Policy and have the client e26458 in AD.
I would like some advice from some people who have successfuly implemented EAP-TLS, as I have hit a brick wall. I have attached the results of the debug aaa events enable,debug aaa detail enable,
debug dot1x events enable,debug dot1x states enable on the WLC.