https://community.cisco.com/t5/network-access-control/eap-tls-user-and-machine-authentication-question/m-p/1880641#M209085 <HTML><HEAD></HEAD><BODY><P>Sounds like you rather want to use PEAP/MSChapV2</P></BODY></HTML> Fri, 24 Feb 2012 22:13:29 GMT Christian_Ney 2012-02-24T22:13:29Z https://community.cisco.com/t5/network-access-control/eap-tls-user-and-machine-authentication-question/m-p/1880640#M209044 <P>Hello,</P><P>i have a question regarding EAP TLS authentication in a wireless environment. We use Cisco AnyConnect NAM client and an ACS 5.1 to do EAP-TLS authentification. The Laptop and the user can be successfully authenticated using a certificate from our internal CA. i can also check the in our corporate AD if the user and machine are member of a certain group and based on the membership a can grant access to the network.</P><P>i can see in the ACS when the laptops after a reboot logs on to the network, but i don't see a log when the laptop comes back from hibernate mode, i guess this is normal because the laptop sends only the autentication equest after rebooting. </P><P></P><P>What i'd like to achive is, when a user logs on the it should always be checked if the machine was authenticated prior the user can get access to the network. Is there a way to do this with EAP-TLS and a LDAP connection to Active Directory.</P><P></P><P>thanks in advanced</P><P>alex</P> Mon, 11 Mar 2019 01:50:48 GMT https://community.cisco.com/t5/network-access-control/eap-tls-user-and-machine-authentication-question/m-p/1880640#M209044 alex.dersch 2019-03-11T01:50:48Z https://community.cisco.com/t5/network-access-control/eap-tls-user-and-machine-authentication-question/m-p/1880641#M209085 <HTML><HEAD></HEAD><BODY><P>Sounds like you rather want to use PEAP/MSChapV2</P></BODY></HTML> Fri, 24 Feb 2012 22:13:29 GMT https://community.cisco.com/t5/network-access-control/eap-tls-user-and-machine-authentication-question/m-p/1880641#M209085 Christian_Ney 2012-02-24T22:13:29Z