TLS Authentication

Unanswered Question
Mar 11th, 2010

We are using Windows Server 2003 with CiscoSecure ACS 4.1 software. The client laptop runs Windows XP SP3 and Intel ProSet Wireless 11.5 software. I've created a machine certificate for the laptop, and in Cisco ACS, under "Certificate Trust List", I selected our CA certificate.


I configured Intel ProSet software like this:


TLS.JPG


In log -> Failed attempts:


Failed attempts.JPG


We don't use Active Directory but Samba LDAP. So the question is: what is the procedure to configure Cisco ACS to allow the laptop to connect to it? How does Cisco ACS know which computer is trying to connect? There must be some connection with LDAP, but how do I do that?


Has anyone tried that? Can someone tell me how this works and what I should do?!

Robert.N.Barrett_2 Thu, 03/11/2010 - 11:54

Your error message below looks like you have a lower-level certificate trust problem to solve.  For TLS to work properly, the certificate from the client (the laptop) must be trusted by the ACS server.  Also, the ACS server certificate must be trusted by the client (unless you disable the server certificate check on the client).  If you are using EAP-TLS authentication, then you are not required to do any LDAP authentication.  The certificate from the client is the "identity" of the client.
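
The two trust checks described in this reply, plus two ways they fail, as an added Go example that is not part of the thread. It builds a throwaway CA and certificates in memory (all names are constructed) and uses Go's `crypto/x509` verifier as a stand-in for the ACS server and the laptop's supplicant, whose own validation logic is not shown on this page; the extended-key-usage case goes beyond what the reply covers.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a throwaway test certificate; with a nil parent it is a self-signed root CA.
func issue(cn string, parent *x509.Certificate, signer ed25519.PrivateKey, eku ...x509.ExtKeyUsage) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: eku,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	if parent == nil { // root: allowed to sign other certificates, signs itself
		tpl.IsCA, tpl.BasicConstraintsValid, tpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, signer = tpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
// verify returns nil when cert chains to the single trusted CA and permits the requested usage.
func verify(cert, trustedCA *x509.Certificate, usage x509.ExtKeyUsage) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{usage}})
	return err
}
// Scenarios runs both directions of the EAP-TLS trust check plus two failure cases.
func Scenarios() map[string]error {
	ca, caKey := issue("Lab Root CA", nil, nil)
	otherCA, _ := issue("Other CA", nil, nil)
	laptop, _ := issue("laptop01", ca, caKey, x509.ExtKeyUsageClientAuth)
	server, _ := issue("acs01", ca, caKey, x509.ExtKeyUsageServerAuth)
	return map[string]error{
		"server checks laptop cert":          verify(laptop, ca, x509.ExtKeyUsageClientAuth),
		"laptop checks server cert":          verify(server, ca, x509.ExtKeyUsageServerAuth),
		"issuing CA missing from trust list": verify(laptop, otherCA, x509.ExtKeyUsageClientAuth),
		"server cert presented as client":    verify(server, ca, x509.ExtKeyUsageClientAuth),
	}
}
func main() { fmt.Println(Scenarios()) }
```

A nil error means the certificate was accepted; the two failure cases return an unknown-authority error and an incompatible-key-usage error respectively.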

goldy1234 Tue, 03/16/2010 - 08:33

Still the same error

What else could be wrong? Is there any option to see verbose logging?



Global Authentication Setup settings:
