Cisco Support Community
Community Member

ACS-LDAP authentication

Hi all,

I am facing an issue authenticating ACS with an LDAP server. I am getting the error mentioned below. I need a solution urgently.

RADIUS Status:

Authentication failed : 22056 Subject not found in the applicable identity store(s).

Evaluating Identity Policy

15006  Matched Default Rule

15013  Selected Identity Store -

22043  Current Identity Store does not support the  authentication method; Skipping it.
22056  Subject not found in the applicable identity  store(s).
22058  The advanced option that is configured for  an unknown user is used.
22061  The 'Reject' advanced option is configured  in case of a failed authentication request.
11815  Inner EAP-MSCHAP authentication  failed
11520  Prepared EAP-Failure for inner EAP  method
22028  Authentication failed and the advanced  options are ignored.
12305  Prepared EAP-Request with another PEAP  challenge
11006  Returned RADIUS  Access-Challenge
11001  Received RADIUS  Access-Request
11018  RADIUS is re-using an existing  session
12304  Extracted EAP-Response containing PEAP  challenge-response

12307  PEAP authentication failed

11504  Prepared EAP-Failure

11003  Returned RADIUS Access-Reject



Cisco Employee

I'm sure you've got this resolved; still, I'm adding my inputs in case someone else is facing the same issue.

The reason why you're seeing this error message

22043  Current Identity Store does not support the  authentication method

is because LDAP doesn't support PEAP-MSCHAPv2. It only supports PAP in non-EAP requests and EAP-TLS, EAP-GTC and PEAP-GTC in EAP requests.


If you can't change the EAP flavor in your network, then you can migrate to Active Directory as it supports PEAP-MSCHAPv2.

Jatin Katyal

**Do rate helpful posts**

~Jatin Katyal
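
A triage sketch for the step log in the question, added here as an example (not from the original posts or from Cisco): it separates the headline 22056 from the 22043 step that precedes it, and checks the inferred method against the LDAP-supported list given in the answer. The function names and result fields are assumptions; the log lines are copied from the question.

```python
import re

# Methods the answer above lists as usable with an LDAP identity store.
LDAP_SUPPORTED = {"PAP", "EAP-TLS", "EAP-GTC", "PEAP-GTC"}
STEP_RE = re.compile(r"^\s*(\d{5})\s+(.*\S)\s*$")

# Step lines copied from the question in this thread.
THREAD_LOG = """
15006  Matched Default Rule
22043  Current Identity Store does not support the  authentication method; Skipping it.
22056  Subject not found in the applicable identity  store(s).
11815  Inner EAP-MSCHAP authentication  failed
12307  PEAP authentication failed
11003  Returned RADIUS Access-Reject
"""

def parse_steps(text):
    """Return [(code, message)] for each 'NNNNN message' line, whitespace normalized."""
    steps = []
    for line in text.splitlines():
        m = STEP_RE.match(line)
        if m:
            steps.append((m.group(1), " ".join(m.group(2).split())))
    return steps

def detect_method(steps):
    """Infer the EAP method from step messages (only the methods named in this thread)."""
    text = " ".join(msg for _, msg in steps)
    outer = "PEAP-" if "PEAP" in text else ""
    if "EAP-MSCHAP" in text:
        return (outer or "EAP-") + "MSCHAPv2"
    if "EAP-GTC" in text:
        return (outer or "EAP-") + "GTC"
    return "unknown"

def diagnose(text):
    """A 22043 before 22056 means the store was skipped, not that the user is missing."""
    steps = parse_steps(text)
    codes = [code for code, _ in steps]
    if "22056" not in codes:
        return {"cause": "no 22056 in log", "method": None}
    method = detect_method(steps)
    if "22043" in codes[:codes.index("22056")]:
        cause = "store skipped: method not supported by the identity store"
    else:
        cause = "store searched: subject not found"
    return {"cause": cause, "method": method, "ldap_supported": method in LDAP_SUPPORTED}

if __name__ == "__main__":
    print(diagnose(THREAD_LOG))
```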