EAP-TLS machine auth - no AD

bthomson
Level 1

Hi, I have a test environment with Lightweight Access Points, a 4404 WLC, ACS v4.0, a stand-alone CA and XP wireless clients. Can I get EAP-TLS with machine authentication (certificate based) without requiring an external AD database?

I am getting authentication traffic between the wireless client and the ACS, but I am currently getting an authentication failure code in the ACS log saying "external DB not available".

3 Replies

Scott Fella
Hall of Fame

Did you load the certificate on the machines first? If you are using username and password, then you can set that up in ACS. Do you have ACS set up for external DB and not local DB?

-Scott
*** Please rate helpful posts ***

fieus
Level 1

I'm trying to do the same thing without success.

WLC 4404, ACS v3.3, enterprise CA and XP SP2 wireless clients.

I configured the System Conf -> Global Auth Setup for EAP-TLS with SAN/CN/Binary comparison, but then the ACS log complains about "external DB not available".

http://www.cisco.com.ru/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs32/user/o.htm talks about "EAP Authentication Protocol and User Database Compatibility" in table 1.3. From my point of view EAP-TLS should be configurable using the internal ACS db.

Thanks for your support!

Mark

taelon_x7
Level 1

Sounds like you have ACS configured to check an external database if the user authentication fails.
