ACS 5.1 EAP-TLS Issue

Unanswered Question
Jan 5th, 2010

Hi,


I recently installed ACS 5.1 + Cisco WLC 4402 and many LWAP1125 for our new EAP-TLS wireless security standard.

I'm trying to limit wireless access to a specific security group in Active Directory.


According to the ACS AAA RADIUS log, I can see ACS is sending the correct username information to AD for reference, but Active Directory doesn't recognize the username within the security group.


Please see below for more details:



Evaluating Identity Policy
15006  Matched Default Rule
22037  Authentication Passed
22023  Proceed to attribute retrieval
24432  Looking up user in Active Directory - Wireless Tester
24412  User not found in Active Directory
22016  Identity sequence completed iterating the IDStores


My ACS configuration for the Identity Store is to use the certificate-based authentication (Default CN Username) method against Active Directory.


Under Access Policies -> Service Selection Rule, I have one rule that permits network access if the RADIUS protocol is used and the user account is a member of a specific security group.


I've been reviewing my configuration over and over but couldn't find any flaws. Is there an EAP-TLS deployment guide for ACS 5.1?

Thank you in advance for your help.
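As an added diagnostic helper (not code from the post, from Cisco, or from any ACS tool), the Python below reads the ACS 5.1 step log quoted above, pairs each "24432 Looking up user in Active Directory" step with a directly following "24412 User not found" step, and reports exactly which identity ACS handed to AD. It also extracts the CN from a certificate subject DN, since under the "Default CN Username" method the CN is the value ACS uses as the username, so the two can be compared side by side. The step codes and messages are those in the post; the subject DN is a constructed sample.

```python
import re
from dataclasses import dataclass

# Constructed copy of the ACS step log quoted in the post (step code, message).
SAMPLE_LOG = """\
Evaluating Identity Policy
15006  Matched Default Rule
22037  Authentication Passed
22023  Proceed to attribute retrieval
24432  Looking up user in Active Directory - Wireless Tester
24412  User not found in Active Directory
22016  Identity sequence completed iterating the IDStores
"""

# Constructed sample subject DN of the client certificate (an assumption, not from the post).
SAMPLE_SUBJECT_DN = "CN=Wireless Tester,OU=Wireless Users,DC=example,DC=com"

STEP_RE = re.compile(r"^(\d{5})\s+(.*)$")
LOOKUP_RE = re.compile(r"^Looking up user in Active Directory - (.+)$")

AD_LOOKUP = "24432"      # ACS step: lookup of the presented identity in AD
AD_NOT_FOUND = "24412"   # ACS step: that identity was not found


@dataclass
class AdLookupFailure:
    identity: str        # the exact name ACS sent to Active Directory
    lookup_line: int     # log line of the 24432 step
    failure_line: int    # log line of the 24412 step


def parse_steps(log_text):
    """Yield (line_no, code, message) for each 5-digit step line; free-text lines are skipped."""
    steps = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = STEP_RE.match(line.strip())
        if m:
            steps.append((n, m.group(1), m.group(2).strip()))
    return steps


def find_ad_lookup_failures(log_text):
    """Pair every 24432 lookup with an immediately following 24412 and record the identity used."""
    failures = []
    pending = None
    for n, code, msg in parse_steps(log_text):
        if code == AD_LOOKUP:
            m = LOOKUP_RE.match(msg)
            pending = (n, m.group(1).strip()) if m else None
        elif code == AD_NOT_FOUND and pending is not None:
            failures.append(AdLookupFailure(pending[1], pending[0], n))
            pending = None
        else:
            pending = None   # any other step breaks the lookup/failure pairing
    return failures


def certificate_cn(subject_dn):
    """Return the CN attribute of a subject DN string, or None if there is none."""
    for rdn in re.split(r"(?<!\\),", subject_dn):
        key, _, value = rdn.strip().partition("=")
        if key.strip().upper() == "CN":
            return value.strip()
    return None


def lookup_identity_matches_cn(log_text, subject_dn):
    """True when every failed AD lookup used exactly the certificate CN as the identity."""
    cn = certificate_cn(subject_dn)
    failures = find_ad_lookup_failures(log_text)
    return bool(failures) and cn is not None and all(f.identity == cn for f in failures)


if __name__ == "__main__":
    for f in find_ad_lookup_failures(SAMPLE_LOG):
        print(f"line {f.lookup_line}: AD lookup for '{f.identity}' failed at line {f.failure_line}")
    print("certificate CN:", certificate_cn(SAMPLE_SUBJECT_DN))
    print("identity sent to AD equals certificate CN:",
          lookup_identity_matches_cn(SAMPLE_LOG, SAMPLE_SUBJECT_DN))
```

The output tells you the literal string ACS submitted to AD for the lookup; the next step is to compare that string with the AD attribute the identity store is configured to match on for the account in question, which is the comparison the log alone does not make.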
