
ISE wired TLS with group mapping

tsgruu2000
Level 1

Hi. We authenticate wired clients using EAP-TLS with Computer Certificates. This works fine so far. Now we need an authorization with LDAP and set the VLAN based on the AD Group of the Computer. Is there a way to use the CN of the Certificate and retrieve the Attributes of the Client over LDAP?

Does anybody know how this could be done?

Regards,

Urs

1 Reply

Tarik Admani
VIP Alumni

You should be able to do this, as long as the CN name is in the correct format, which for computer certificates it should be fine. Set up the LDAP external store, find the group and map that to your authz policy.


Sent from Cisco Technical Support Android App
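
The lookup discussed in this thread (certificate CN, then an LDAP search for the computer object, then group to VLAN), as an added example that is not part of the original posts and is not ISE's own code. The group DNs, VLAN IDs, `DEFAULT_VLAN` and the `lookup` callable that stands in for the LDAP search are assumptions made for illustration.

```python
import re

# Constructed sample mapping (assumed group DNs and VLAN IDs, not from the thread)
GROUP_VLAN = {
    "CN=Wired-Engineering,OU=Groups,DC=example,DC=com": 110,
    "CN=Wired-Finance,OU=Groups,DC=example,DC=com": 120,
}
DEFAULT_VLAN = 999  # assumed fallback VLAN when no mapped group matches

def subject_cn(subject):
    """Return the first CN value from a comma-separated certificate subject."""
    for rdn in re.split(r"(?<!\\),", subject):
        key, _, value = rdn.strip().partition("=")
        if key.strip().upper() == "CN":
            return value.strip()
    raise ValueError("certificate subject has no CN")

def escape_filter(value):
    """Escape RFC 4515 special characters so a CN cannot change the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def machine_filter(cn):
    """Match the computer object by FQDN or by short name plus trailing '$'."""
    host = escape_filter(cn)
    short = escape_filter(cn.split(".")[0])
    return ("(&(objectClass=computer)"
            f"(|(dNSHostName={host})(sAMAccountName={short}$)))")

def vlan_for(member_of):
    """Return the VLAN of the first mapped group found in memberOf."""
    groups = {dn.lower() for dn in member_of}
    for dn, vlan in GROUP_VLAN.items():
        if dn.lower() in groups:
            return vlan
    return DEFAULT_VLAN

def authorize(subject, lookup):
    """lookup(filter) stands in for the LDAP search; returns memberOf values."""
    return vlan_for(lookup(machine_filter(subject_cn(subject))))

if __name__ == "__main__":
    # Constructed directory reply for one machine
    reply = ["CN=Wired-Finance,OU=Groups,DC=example,DC=com"]
    subject = "CN=pc01.example.com,OU=Workstations,DC=example,DC=com"
    print(authorize(subject, lambda flt: reply))
```

Running the generated filter by hand against the directory before building the authorization policy confirms that the certificate CN format actually matches a computer object and returns the expected groups.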