Unanswered Question
Jul 5th, 2010
User Badges:

Hi Pros,

               I am a newbie in the ACS 4.2 and EAP-TLS implementation, with that being said. I face an issue during a EAP-TLS implementation. My search shows that this kind of error message is already certificate issue;However, I have deleted and recreated the certificate in both ACS and the client with the same result. I have deleted and re-install the certchain as well.

When I check my log in the failed attemps, there is what I found:

Date TimeMessage-TypeUser-NameGroup-NameCaller-IDNetwork Access Profile NameAuthen-Failure-CodeAuthor-Failure-CodeAuthor-DataNAS-PortNAS-IP-AddressFilter InformationPEAP/EAP-FAST-Clear-NameEAP TypeEAP Type NameReasonAccess DeviceNetwork Device Group
06/23/201017:39:51Authen failed000e.9b6e.e834Default Group000e.9b6e.e834(Default)EAP-TLS or PEAP authentication failed during SSL handshake....110110.111.22.24....25MS-PEAP..wbr-1121-zozo-testOffice Networ

06/23/201017:39:50Authen failed[email protected]Default Group000e.9b6e.e834(Default)EAP-TLS or PEAP authentication failed during SSL handshake....109810.111.22.24....25MS-PEAP..wbr-1121-zozo-testOffice Network

[email protected]

= my windows active directory name

1. Why under EAP-TYPE it shows MS-PEAP not EAP-TLS? I did configure EAP-TLS....

2. Why sometimes it just shows the MAC of the client for username?

3. Why  it puts me in DEFAULT-GROUP even though i belongs to a group well definy in the acs?

2. Secondly, When I check in pass authentications... there is what i saw

Date TimeMessage-TypeUser-NameGroup-NameCaller-IDNAS-PortNAS-IP-AddressNetwork Access Profile NameShared RACDownloadable ACLSystem-Posture-TokenApplication-Posture-TokenReasonEAP TypeEAP Type NamePEAP/EAP-FAST-Clear-NameAccess DeviceNetwork Device Group
06/23/201017:30:49Authen OKgroszozoNOC Tier Network
06/23/201017:29:27Authen OKgroszozoNOC Tier Network

In the output below, it says that the user is authenticate and it puts the user in the right group with the right username, but the user never really authenticate. Maybe for the first few seconds when I initiate the connection.

Before I forget, the suppliant is using WIN XP and 802.1x is enable. I even uncheck not verify the server and the ACS under External User Databases, I did  check ENABLE EAP-TLS machine authentication.

Thanks in advance for your help,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion



Trending Topics - Security & Network