Is it possible to authenticate MacBook Pro (OS 10.6.2) domain member client the same way as the microsoft domain member clients listed below (...machine AND user creditional authentication via AD, using pacs, etc.)?
ACS 5.1 - Radius
AD identity store
eap-fast machine AND user creditional authentication, using pacs
XP/Vista/Win7 domain member clients authentication flow works correctly
Re: ACS machine AND user authentication with Mac OS?
ACS supports EAP-TLS, EAP-FAST, PEAP (EAP-MSCHAPv2), and PEAP (EAP-GTC) for machine authentication. You can enable each separately on the Active Directory: General Page, which allows a mix of computers that authenticate with EAP-TLS, EAP-FAST, or PEAP (EAP-MSCHAPv2). Microsoft operating systems that perform machine authentication might limit the user authentication protocol to the same protocol that is used for machine authentication.
I think MAC clients does support machine authentication because I have seen machine authentication on MAC clients with VPN so there must be an option for EAP protocol. Now, If MAC clients send the machine authentication in the same format then yes it will works with windows enviorment.
Show Name: Thoughts on Security at Cisco Live US 2018 in Orlando
Contributors: Kevin Klous, David White Jr., Aaron Woland, Jeff Fanelli
Posting Date: June 2018
Description: The team goes on-site in the Cisco Live Speaker room in...
RADIUS and Symantec VIP.
I will use screenshots of ASDM, and at the end I will add the required CLI commands. the diagram below show a diagram of the steps the FW goes through when using 2FA authentication:
As you can see in Fig. 1&nbs...