ACS 5.2 EAP-TLS Binary Certificate Comparison via LDAP
i have a wireless deplyoment with WLC 5508, ACS 5.2 and several AD connected by LDAP. It is required that users are authenticated by certificates additional the user should only get access to the wireless environment when the user is found in a certain security group in the Microsoft AD forrest.
The certificate based authentication is working without any problems, except the lookup into the AD isn't working. Here are the Details of the "Evaluting Identity Policy"
Evaluating Identity Policy
15004 Matched rule
22037 Authentication Passed
22023 Proceed to attribute retrieval
24031 Sending request to primary LDAP server
24016 Looking up user in LDAP Server - Alex Dersch
24008 User not found in LDAP Server
22015 Identity sequence continues to the next IDStore
24209 Looking up Host in Internal Hosts IDStore - Alex Dersch
24217 The host is not found in the internal hosts identity store.
22016 Identity sequence completed iterating the IDStores
but the user can access the WLAN just without verifying the user in the AD.
i tried the to enable Binary Comparisation but then the Authentication is not working any more. I get the same Identity Policy result as above.
i configured the Binary Comparisation as below:
I though with the binary comparisation i'll be able to verify the existance and the status of an user in the Active Directory. Am I wrong?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...