Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1778
Views
0
Helpful
2
Replies

MAC OS-X - Machine-Authentication via ACS 5.x

rhub
Level 1
Level 1

‎01-08-2012 03:38 AM - edited ‎03-10-2019 06:41 PM

My customer has a large deployment of MACs running OS-X. He wants to authenticate the clients through an ACS server (ACS 5.2.0.26) and Open LDAP by using the clients MAC addresses and dynamically move them to a specific SSID, if connected to WLAN.

All clients are stored within LDAP with the MAC addresses.

Clients can be connected either via WLAN (WLC 5508) or wired via switches

I'm able to authenticate the users but the clients themself never get access to the network. I saw in several discussions that MACs are not able to do machine-authentication since they don't provide something like Host/ as Windows clients do.

My questions:

1. Has somebody made the same experiences ?

2. Has somebody been able to get this running ?

3. Can anyone provide me a link or config example of ACS to

Scheme:

MAC ------- LWAPP -------WLC 5508 -------------------- ACS------------------------Open LDAP

OS-X                            7.0.116.0                        5.0.2.26

Any hints or tipps are very much appreciated

Many thanks in advance and best regards

Roman     

Labels:
0 Helpful
2 Replies 2

camejia
Level 3
Level 3

‎01-09-2012 10:12 AM

Hello,

You can get Macintosh machine authentication working with ACS but it is a little bit tricky. You can refer to:

https://supportforums.cisco.com/docs/DOC-15477

Also, if needed Apple Support should be involved if assistance is needed configuring the client side.

Hope this helps.

Regards.

0 Helpful

rhub
Level 1
Level 1
In response to camejia

‎01-09-2012 11:10 PM

Hello Carlos,

many thanks for your post. If I understood the referred doc right they use EAP-TLS with certificates for machine authentication but my customer only wants to check the clients against their MAC-adresses which are stored in Open LDAP directory.

I really appreciate any further hints or tipps.

Regards

0 Helpful
Customers Also Viewed These Support Documents