I am looking to create a web auth network so users with non-managed devices can connect to the wireless network via their AD credentials.
I have the users authenticating correctly via a PEAP/MS-CHAPv2 solution, so I know there is no issue with communications between ACS 5.3 and AD.
When the user fails authentication I receive the error message "22056 Subject not found in the applicable identity store(s)", yet I know the user is in the identity store based on successful authentications on the internal WLAN given above.
I've tried changing the Web Auth on the WLC to CHAP, PAP and MD5CHAP to no avail.
Under the Access Policy created to link ACS to AD, I have PEAP, MSCHAPv1 and 2 and CHAP configured as allowed protocols.
I've tried different username modifications to no avail. I know the user is in the identity store. ACS just can't find them.