03-13-2008 01:53 AM - edited 07-03-2021 03:32 PM
Hi, I have a test environment with Lightweight Access Points, a 4404 WLC, ACS v4.0, a stand-alone CA and XP wireless clients. Can I get EAP-TLS with machine authentication (certificate based) without requiring an external AD database?
I am getting authentication traffic between the wireless client and the ACS, but I am currently getting an authentication failure code in the ACS log saying "external DB not available".
03-13-2008 05:39 PM
Did you load the certificate on the machines first? If you are using username and password, then you can set that up in ACS. Do you have ACS set up for external DB and not local DB?
04-28-2008 06:06 AM
I'm trying to do the same thing without success.
WLC 4404, ACS v3.3, enterprise CA and XP SP2 wireless clients.
I configured the System Conf -> Global Auth Setup for EAP-TLS with SAN/CN/Binary comparison, but then the ACS log complains about "external DB not available".
http://www.cisco.com.ru/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs32/user/o.htm talks about "EAP Authentication Protocol and User Database Compatibility" in table 1.3. From my point of view EAP-TLS should be configurable using the internal ACS db.
Thanks for your support!
Mark
05-14-2008 11:35 AM
Sounds like you have ACS configured to check an external database if the user authentication fails.