Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

EAP-TLS machine auth - no AD

Hi, I have a test environment with Light weight Access Points, 4404 WLC, ACS v4.0, a stand-alone CA and XP wireless clients. Can I get EAP-TLS with machine authentication(certificate based) without requiring an external AD database?

I am getting authentication traffic between the wireless client and the ACS but currently getting an authentication failure code on ACS log saying "external DB not available"

Hall of Fame Super Silver

Re: EAP-TLS machine auth - no AD

Did you load the certificate on the machines first? If you are using username and password, then you can set that up in ACS. Do you have ACS setup for external DB and not local DB?

*** Please rate helpful posts ***
New Member

Re: EAP-TLS machine auth - no AD

I'm trying to do the same thing without success.

WLC 4404, ACS v3.3, enterprise CA and XP SP2 wireless clients.

I configured the System Conf -> Global Auth Setup for EAP-TLS with SAN/CN/Binary comparison, but then the ACS log complains about "external DB not available" talks about "EAP Authentication Protocol and User Database Compatibility" in table 1.3. From my point of view EAP-TLS should be configurable using the internal ACS db.

Thanks for your support!


New Member

Re: EAP-TLS machine auth - no AD

Sounds like you have ACS configured to check an external database if the user authentication fails.