ACS 5.2, WLC 7.0.98.0, Certificate Authentication

Sep 30th, 2010

I have revised this post.


The initial EAP issue was that the client was rejecting the server certificate, and it turned out to be a misspelling in the certificate on the ACS appliance. Now that this has been resolved, I am getting the error that the user is not found in the selected identity store. The user it is trying to authenticate is the computer name against Active Directory; the computer is a member of the domain and the groups are set up properly. I am using the Active Directory connector, not an LDAP connection.

I have seen numerous posts that were similar and the majority of them have no resolution; there has to be something simple being missed. Can anyone provide details?

Thanks.

bbxie Thu, 09/30/2010 - 22:38

It seems the client has not installed the CA certificate that is used to validate the ACS server certificate, so get the CA cert and install it on the client.

Kayle Miller Fri, 10/01/2010 - 07:16

The certificate was installed, but there was a misspelling.

Scott Fella Sun, 10/03/2010 - 10:44

What error are you seeing in the ACS failed attempts? Are you doing machine and user authentication? I would always try to do user authentication first and make sure that works, then do machine authentication if that is what you eventually want to do. I have had issues like yours, but it was how the client was set up.

Posted from my mobile device.

Kayle Miller Mon, 10/04/2010 - 06:29

It tells me the user is not found in Active Directory when it attempts to authenticate the computer or the user, yet everything looks formatted correctly. PEAP works, but straight EAP-TLS does not.

Scott Fella Mon, 10/04/2010 - 07:42

One thing to check is under the global authentication: make sure you only check the authentication you are using, and uncheck all the rest. Verify the Windows setup also; see if the CA is listed under the Trusted Root CA, or else uncheck the Validate Server checkbox.
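
The "user not found in the selected identity store" symptom discussed above arises when the username the RADIUS server extracts from the client certificate (Subject CN or a SAN entry, whichever the certificate authentication profile selects) does not correspond to any account in the directory. The following script is an added example, not from this thread or from Cisco: it takes the textual output of `openssl x509 -noout -subject -ext subjectAltName` (a constructed sample with a deliberately misspelled hostname), derives the computer account name each identity field would map to, and reports whether that account exists in a constructed list of AD computer accounts, naming the closest real account when it does not.

```python
"""Check which directory account an EAP-TLS client certificate maps to.
Input is the text form `openssl x509 -noout -subject -ext subjectAltName`
prints; the certificate text and account list below are constructed."""
import difflib
import re

# Constructed openssl output for a machine cert whose hostname was misspelled
# ("WORKSTAITON01" instead of the real computer account "WORKSTATION01").
CERT_TEXT = """subject=CN = WORKSTAITON01.example.com, DC = example, DC = com
X509v3 Subject Alternative Name:
    DNS:WORKSTAITON01.example.com, othername: UPN::host/WORKSTAITON01.example.com
"""
# Constructed inventory of AD computer accounts (sAMAccountName form).
AD_COMPUTER_ACCOUNTS = {"WORKSTATION01$", "WORKSTATION02$", "LAPTOP07$"}

def parse_identities(cert_text: str) -> dict:
    """Extract the fields a RADIUS server can be told to use as the username."""
    patterns = {"cn": r"^subject=.*?CN\s*=\s*([^,\n]+)",
                "san_dns": r"DNS:([^,\s]+)",
                "san_upn": r"UPN::([^,\s]+)"}
    found = {}
    for field, pat in patterns.items():
        m = re.search(pat, cert_text, re.M)
        if m:
            found[field] = m.group(1).strip()
    return found

def to_machine_account(identity: str) -> str:
    """Reduce host/fqdn, an FQDN, or a bare host name to NAME$ as stored in AD."""
    name = identity[5:] if identity.lower().startswith("host/") else identity
    return name.split(".", 1)[0].upper() + "$"

def check_against_directory(cert_text: str, accounts: set) -> dict:
    """Per identity field: does the derived account exist, and if not, which
    existing account is closest (a typo in the certificate shows up here)."""
    report = {}
    for field, value in parse_identities(cert_text).items():
        acct = to_machine_account(value)
        near = difflib.get_close_matches(acct, sorted(accounts), n=1, cutoff=0.8)
        report[field] = {"identity": value, "account": acct, "found": acct in accounts,
                         "closest": None if acct in accounts or not near else near[0]}
    return report

if __name__ == "__main__":
    for field, r in check_against_directory(CERT_TEXT, AD_COMPUTER_ACCOUNTS).items():
        status = "OK" if r["found"] else f"NOT FOUND, closest: {r['closest']}"
        print(f"{field:8} {r['identity']:42} -> {r['account']:15} {status}")
```

Run it against the real certificate's openssl output and an export of the domain's computer accounts; if every field reports NOT FOUND, the certificate identity (not the ACS/AD connector) is the thing to fix.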

bbxie Mon, 10/04/2010 - 16:03

To troubleshoot it, you need to provide more information, for example:

1. Your configuration screenshot

2. The RADIUS log: click the detail of the failing log entry and copy and paste all the steps that happened for the failed authentication

3. ACS build #
