
EAP-TLS & Unknown User Policy

sparr_tru
Level 1

I am setting up a WLC with the client using EAP-TLS (machine authentication only). We are using ACS 3.2 which is part of AD. The problem is that the ACS is being used to authorize users for Internet Access also.

So if I enable the Unknown User Policy to AD for EAP-TLS machine authentication, this will break what is being done for Internet Access.

Any ideas that don't include entering every machine and user name in the local database? I was wondering if I could set up a wildcard user of host/* that points to AD.

Is there a way to make this work without configuring the Unknown user policy to point to AD?

Thank you!

1 Reply

a-vazquez
Level 6

Log onto the ACS server itself as the local administrator.

Browse to the Bin directory in the ACS program directory.

Run the program there called CSSupport.

Select "Run Wizard" and click Next.

Check all the boxes and create the file for the last 3 days and click Next.

Again click Next.

Select "Set Diagnostic Log Verbosity to Maximum." and click Next.

Click Next, then click Finish.

In an environment where there is more than one global catalog server for the domain, ACS will not search for the "secondary" catalog server if the "primary" goes down.

Condition: ACS is installed on a domain member server.

Workaround: Restart csauth.exe. Let me know if restarting CSAuth makes any difference.
