Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Machine authentication and MAR not working.

Hi, I'm using ACS 4.1.23 with MS AD for authentication in a wireless network environment. Users connect to one of the (Suppliers and Employees) SSID's and based on group authorization in AD are allowed to access. The SSID to the Employees network has an additional policy: only registered hosts in AD are allowed. For authentication is the standard MS supplicant used with PEAP-MSCHAPV2 configured.

According to the Cisco documentation ACS supports Machine Authentication and in combination with MAR, authenticated hosts required before user authentication, is possible.

BUT, it doesn't work. I do see successful host and user authentication, but the MAR policy doesn't kick in when a user authenticates without host authentication. I was able to turn debug logging for the CSAuth service, giving me the extra information in the AUTH.log.

I have no clue what is missing or how to troubleshoot from this point on.

Has anyone got this setup working or help me a step further ?

New Member

Re: Machine authentication and MAR not working.

Found it !

Within the MAR configuration, the "host/" definition is required for ACS to identify hosts.

ACS has the worst GUI of all software I know of ... :-(