ACS 5.3 EAP-TLS Machine authentication with AD - Failed with 24492
We successfully configured EAP-TLS on the ACS (5.3) for machine authentication using certificate only. I would then like ACS to check whether the machine is in a specific group in AD before permitting access. The ACS has failed "Machine authentication against AD" with code 24492 for all Windows clients, but it works for Mac machines (yes, those Macs are joined to AD).
What we have configured so far:
- Users and Identity Stores > External Identity Stores > Active Directory
- Enabled Machine authentication
- Select Group name that machines reside
- Users and Identity Stores > External Identity Stores > Certificate Authentication Profile, Principal Username X509: Subject Alternative Name