ACS machine AND user authentication with Mac OS?

Unanswered Question
May 14th, 2010
User Badges:

Is it possible to authenticate MacBook Pro (OS 10.6.2) domain member client the same way as the microsoft domain member clients listed below (...machine AND user creditional authentication via AD, using pacs, etc.)?

ACS 5.1  - Radius

AD identity store

eap-fast machine AND user creditional authentication, using pacs

XP/Vista/Win7 domain member clients authentication flow works correctly

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jatin Katyal Fri, 05/14/2010 - 14:57
User Badges:
  • Cisco Employee,


ACS supports EAP-TLS, EAP-FAST, PEAP (EAP-MSCHAPv2), and PEAP (EAP-GTC) for machine authentication. You can enable each separately on the Active Directory: General Page, which allows a mix of computers that authenticate with EAP-TLS, EAP-FAST, or PEAP (EAP-MSCHAPv2). Microsoft operating systems that perform machine authentication might limit the user authentication protocol to the same protocol that is used for machine authentication.

I think MAC clients does support machine authentication because I have seen machine authentication on MAC clients with VPN so there must be an option for EAP protocol. Now, If MAC clients send the machine authentication in the same format then yes it will works with windows enviorment.

Machine authentication in ACS 5.1




Do rate helpful posts-

Nigel Bowden Mon, 08/23/2010 - 12:54
User Badges:


Did you ever get this  working? I have the same question and am intrigued to know if the MAC OS will support machine authentication.

I've had a good look around, and there doesn't seem to be much information about...



Rod Kreutz Tue, 08/24/2010 - 12:16
User Badges:

No...never got it working, perhaps some changes to the Active Directory schema would be required.


jlhainy Fri, 02/25/2011 - 09:48
User Badges:

I am trying to do the same thing.  I would like to use machine authentication using PEAP on a Mac, but I don't see a setting to tell the mac to use machine auth vs user auth.


This Discussion