
ACS 5.2 EAP-TLS Machine Authentication

Roger Alderman
Level 3

Hi All

I have set up an ACS (5.2) to do EAP-TLS Machine and User Authentication.

I am getting intermittent results with the machine authentication using the same laptop as a test client.

When the machine authentication succeeds the RADIUS name shows as host/xxx-yyy.

When the machine authentication fails the RADIUS name shows as xxx-yyy without the host/.

Anybody have any ideas why this is happening?

Regards

Roger

9 Replies

Scott Fella
Hall of Fame

When you are testing, are you rebooting the machine?

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

Hi Scott

I have rebooted the machine, yes. However, you don't need to go that far. It's sufficient to simply log off the user and the machine authentication will kick in again. That's standard practice.

Just wondering when it fails: when it is rebooted, or when logging off and logging on?

Thanks,

Scott Fella


Scott

It appears to be random.

It will fail and then a few minutes later it will pass.

The only discrepancy I can see is the RADIUS name but I don't see how this would change so it may be a red herring!

Roger

If you're using Windows 7, did you just specify computer, not user or computer?

Thanks,

Scott Fella


It is Windows 7. We've specified 'computer or user' since we want to use machine and user authentication.

It's machine OR user not both.

Thanks,

Scott Fella


What are you saying? That you can't have both machine and user EAP-TLS authentication?

This has always worked with XP and I've got it working with Windows 7 if I set the client to 'computer or user'.

It just seems to be a bit flaky on the machine authentication.

Roger

I was thinking you were using PEAP. Well, it seems like the issue is with the client not sending the host/ which ACS is looking for.

-Scott