×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

MAC OS-X - Machine-Authentication via ACS 5.x

Unanswered Question
Jan 8th, 2012
User Badges:

My customer has a large deployment of MACs running OS-X. He wants to authenticate the clients through an ACS server (ACS 5.2.0.26) and Open LDAP by using the clients MAC addresses and dynamically move them to a specific SSID, if connected to WLAN.

All clients are stored within LDAP with the MAC addresses.


Clients can be connected either via WLAN (WLC 5508) or wired via switches


I'm able to authenticate the users but the clients themself never get access to the network. I saw in several discussions that MACs are not able to do machine-authentication since they don't provide something like Host/ as Windows clients do.


My questions:

1. Has somebody made the same experiences ?

2. Has somebody been able to get this running ?

3. Can anyone provide me a link or config example of ACS to


Scheme:


MAC ------- LWAPP -------WLC 5508 -------------------- ACS------------------------Open LDAP

OS-X                            7.0.116.0                        5.0.2.26


Any hints or tipps are very much appreciated


Many thanks in advance and best regards


Roman     

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
camejia Mon, 01/09/2012 - 10:12
User Badges:
  • Silver, 250 points or more

Hello,


You can get Macintosh machine authentication working with ACS but it is a little bit tricky. You can refer to:


https://supportforums.cisco.com/docs/DOC-15477


Also, if needed Apple Support should be involved if assistance is needed configuring the client side.


Hope this helps.


Regards.

rhub Mon, 01/09/2012 - 23:10
User Badges:

Hello Carlos,

many thanks for your post. If I understood the referred doc right they use EAP-TLS with certificates for machine authentication but my customer only wants to check the clients against their MAC-adresses which are stored in Open LDAP directory.

I really appreciate any further hints or tipps.


Regards

Actions

This Discussion