ACS 5.2, WLC, Certificate Authentication

Unanswered Question
Sep 30th, 2010

I have revised this post.

The inital EAP issue was that the client was rejecting the server certificate and it turned out to be a mis-spelling in the certificate on the ACS appliance, but now that this has been resolved I am getting the error that the user is not found in the selected identity store. The user it's trying to authenticate is the computer name against active directory; the computer is a member of the domain and the groups are setup properly. I am using the active directory connector not an ldap connection.

I have seen numerous posts that were similar and the majority of them have no resolution; there has to be something simple being missed, can anyone provide details.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
bbxie Thu, 09/30/2010 - 22:38

it seems the client had not installed the CA certificate which is used to validate ACS' server certificate, so get the CA cert and install it in the client.

Scott Fella Sun, 10/03/2010 - 10:44

What error are you seeing in the ACS failed attempts. Are you doing machine and user authentication?  I would always try to do user authentication first and make sure that works then do machine authentication if that is what you eventually want to do. I have had issues like yours, but it was how the client was setup.

Posted from my mobile device.

Kayle Miller Mon, 10/04/2010 - 06:29

It tells me the user is not found in active directory when it attempts to authenticate the computer or the user, yet everything looks formatted correctly. PEAP works but straight EAP-TLS does not.

Scott Fella Mon, 10/04/2010 - 07:42

One thing to check is under the global authentication, make sure you only check what authentication you are using.  Uncheck all the rest.  Verify the windows setup also... see if the CA is listed under the Trusted Root CA, or else uncheck the Validate Server checkbox.

bbxie Mon, 10/04/2010 - 16:03

To troubleshoot it, you need to provide more information, for example:

1. Your configuration screenshot

2. the Radius log, click detail of the failing log, copy and paste all the steps happened for the failed Auth

3. ACS build #


This Discussion



Trending Topics - Security & Network