785 Views, 0 Helpful, 3 Replies

ACS with AD-with twin authentication

nikhilcherian
Level 5

Hi Gurus

I want to integrate my ACS 5.1 with AD. My request is to check for the machine authentication first. If the machine authentication passes, the client username/password should be validated and the client should be put in vlan X. If the machine authentication fails, the client username/password should be validated; if that authentication passes, the client should be put in vlan Y.

Let me know if this is possible

Thanks

NikhiL

Accepted Solution

Tarik Admani
VIP Alumni

Nikhil,

You can setup a condition in your authorization policy and check if the machine authentication was performed and base your result off this condition.

Here is a guide that fits your questions:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/users_id_stores.html#wp1235978

thanks,

Tarik Admani


3 Replies


Hi Tarik,

Thanks for the reply.

Below is a line I found in the doc:

Administrator can configure whether or not MAR is enabled in the AD settings page. However for MAR to work the following limitations must be taken into account:

Machine authentication must be enabled in the authenticating protocol settings

Does this say the authenticator should enable mac-auth?

Thanks

NikhiL

The wording on this is a little tricky: it means that for machine authentication to work (PEAP or EAP-TLS) you have to allow the protocol in the rule for it to work on the ACS side. When you click on the service selection rule for default network access, you will see the different protocol boxes checked.

Hope this helps,

Tarik Admani
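To make the two answers in this thread concrete, here is a small added simulation (my own illustration, not code from the thread, from ACS, or from Cisco) of the decision flow Tarik describes: a machine-authentication result is only recorded when it arrived over an allowed protocol, a later user authentication consults that record, and a first-match authorization rule hands out VLAN X when the machine was authenticated and VLAN Y otherwise, after the user credentials have been validated in both cases. Every name in it (`MarCache`, `authorize`, `ALLOWED_MACHINE_AUTH_PROTOCOLS`, the sample user and host) is an assumption made for the example, and the aging window is a constructed value, not an ACS default.

```python
"""Simulated 'was machine authenticated' authorization flow (example only, not ACS code)."""
import time

# Assumption for this example: only these protocols count as valid machine authentication.
# The real set is whatever is enabled in the allowed-protocols settings of the access service.
ALLOWED_MACHINE_AUTH_PROTOCOLS = {"PEAP", "EAP-TLS"}

# Constructed sample user store; the real one would be AD.
USER_DB = {"alice": "constructed-password"}


class MarCache:
    """Records successful machine authentications per host, with an aging window (hypothetical helper)."""

    def __init__(self, aging_seconds):
        self.aging_seconds = aging_seconds
        self._entries = {}  # host name -> time of last successful machine authentication

    def record_machine_auth(self, host, protocol, now=None):
        """Store a machine-auth success only if the protocol is one that is enabled for it.
        Returns True when recorded, False when the protocol was not allowed."""
        if protocol not in ALLOWED_MACHINE_AUTH_PROTOCOLS:
            return False
        self._entries[host] = time.time() if now is None else now
        return True

    def was_machine_authenticated(self, host, now=None):
        """True when a machine-auth success for this host is still inside the aging window."""
        ts = self._entries.get(host)
        if ts is None:
            return False
        current = time.time() if now is None else now
        return current - ts <= self.aging_seconds


def authorize(cache, host, username, password, now=None):
    """Validate user credentials, then apply first-match authorization rules.
    Returns (decision, vlan): ('ACCEPT', 'VLAN-X'), ('ACCEPT', 'VLAN-Y') or ('REJECT', None)."""
    # Both branches of the original question validate the user credentials.
    if USER_DB.get(username) != password:
        return ("REJECT", None)

    # Authorization rules evaluated in order; the first whose condition holds wins.
    rules = [
        # condition: machine authenticated -> VLAN X
        ("machine-and-user", lambda: cache.was_machine_authenticated(host, now), "VLAN-X"),
        # catch-all: user credentials valid, no machine auth -> VLAN Y
        ("user-only", lambda: True, "VLAN-Y"),
    ]
    for _name, condition, vlan in rules:
        if condition():
            return ("ACCEPT", vlan)
    return ("REJECT", None)


if __name__ == "__main__":
    cache = MarCache(aging_seconds=3600)
    cache.record_machine_auth("pc1$", "EAP-TLS", now=0)
    cache.record_machine_auth("pc2$", "EAP-MD5", now=0)  # not an allowed protocol, so not recorded
    print(authorize(cache, "pc1$", "alice", "constructed-password", now=10))   # ('ACCEPT', 'VLAN-X')
    print(authorize(cache, "pc2$", "alice", "constructed-password", now=10))   # ('ACCEPT', 'VLAN-Y')
    print(authorize(cache, "pc1$", "alice", "constructed-password", now=5000)) # ('ACCEPT', 'VLAN-Y')
    print(authorize(cache, "pc1$", "alice", "wrong", now=10))                  # ('REJECT', None)
```

The aging check is the part worth noticing: once the recorded machine authentication falls outside the window, the same host drops from the VLAN X rule to the VLAN Y catch-all, so the window you configure directly shapes which access a machine gets after it has been on the network for a while.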