Cisco Support Community

TLS Authentication

We are using Windows Server 2003 with CiscoSecure ACS 4.1 software. The client laptop runs Windows XP SP3 and Intel ProSet Wireless 11.5 software. I've created a machine certificate for the laptop, and in Cisco ACS I selected our CA certificate in the "Certificate Trust List".

I configured Intel ProSet software like this:


In log -> Failed attempts:

Failed attempts.JPG

We don't use Active Directory but Samba LDAP. So the question is: what is the procedure to configure Cisco ACS to allow the laptop to connect to it? How does Cisco ACS know which computer is trying to connect? There must be some connection with LDAP, but how do I do that?

Has anyone tried that? Can someone tell me how this works and what I should do?!


Re: TLS Authentication

Your error message below looks like you have a lower-level certificate trust problem to solve.  For TLS to work properly, the certificate from the client (the laptop) must be trusted by the ACS server.  Also, the ACS server certificate must be trusted by the client (unless you disable the server certificate check on the client).  If you are using EAP-TLS authentication, then you are not required to do any LDAP authentication.  The certificate from the client is the "identity" of the client.
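
The two trust checks described in the reply above can be reproduced offline with OpenSSL. This is an added example, not part of the original thread and not ACS's own tooling; the CA, laptop and server certificates are throwaway ones built inline, and all file and subject names are hypothetical.

```shell
#!/bin/sh
# Added example with constructed data: a throwaway CA issues a client (laptop)
# certificate and a server (RADIUS) certificate, then trust is checked in both
# directions. All file and subject names are hypothetical.

# issue DIR NAME CN EKU: sign a leaf certificate with the demo CA in DIR
issue() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    printf 'extendedKeyUsage=%s\n' "$4" > "$1/$2.ext"
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 2 -extfile "$1/$2.ext" -out "$1/$2.pem" 2>/dev/null
}

# make_pki DIR: demo CA, an unrelated CA, and the two leaf certificates
make_pki() {
    for ca in ca other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=demo-$ca" \
            -keyout "$1/$ca.key" -out "$1/$ca.pem" 2>/dev/null
    done
    issue "$1" client laptop01 clientAuth
    issue "$1" server radius.example serverAuth
}

# check_trust CAFILE PURPOSE CERT: succeeds only if CERT chains to CAFILE and
# its extended key usage allows PURPOSE (sslclient or sslserver)
check_trust() {
    openssl verify -CAfile "$1" -purpose "$2" "$3" >/dev/null 2>&1
}

report() {  # report LABEL CAFILE PURPOSE CERT
    if check_trust "$2" "$3" "$4"; then echo "$1: trusted"
    else echo "$1: REJECTED"; fi
}

dir=$(mktemp -d) && make_pki "$dir"
report "server side: laptop cert against its trust list" "$dir/ca.pem" sslclient "$dir/client.pem"
report "client side: server cert against its CA store  " "$dir/ca.pem" sslserver "$dir/server.pem"
report "server side: trust list holds a different CA   " "$dir/other.pem" sslclient "$dir/client.pem"
report "server side: cert issued for server use only   " "$dir/ca.pem" sslclient "$dir/server.pem"
rm -rf "$dir"
```

Running the same `openssl verify` command against exported copies of the real CA and machine certificates shows whether a chain or key-usage mismatch is behind a failed attempt.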


Re: TLS Authentication

Still the same error

What else could be wrong? Is there any option to see verbose logging?

Global Authentication Setup settings:
