
Cisco WLC + ACS + AD for Machine AND User auth...

gvb
Level 1

So I am trying to implement an SSID that requires a machine to be a domain member, AND require the user to provide username/password credentials before being allowed on that SSID.

I am reading that it is possible, but can't find a clear config on how it is supposed to be set up... read about Machine Access Restrictions as being part of the config.

Any help here?

WLC 7.6 and ACS 5.5

-g

3 Replies

mohanak
Cisco Employee

Please refer to the link for WLC, ACS, AD integration, RADIUS authentication:

https://supportforums.cisco.com/discussion/11031266/wlc-acs-ad-integration-radius-authentication

Karel Navratil
Level 1

I would recommend doing this via ISE+AnyConnect and EAP-Chaining, if there is a chance.

In our experience, Machine Access Restrictions have a lot of limitations and are confusing to end users.

K.

George Stefanick
VIP Alumni

We are testing ISE with EAP chaining. It allows you to validate that the company device (laptop) is joined to the domain and then the user credentials. However, this requires EAP-FAST and the Cisco AnyConnect client. There is a group set up to look at EAP-TEAP. This will allow for standardized "chaining".

http://tools.ietf.org/html/draft-ietf-emu-eap-tunnel-method-01#page-5

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin