https://community.cisco.com/t5/network-access-control/acs-5-2-machine-certificate-authentication/m-p/1678568#M261319 <HTML><HEAD></HEAD><BODY><P><SPAN style="background-color: #f8fafd;">The result of an identity policy can reference results of one of the following kinds</SPAN></P><P><SPAN style="background-color: #f8fafd;">- identity store (for password based authentication)</SPAN></P><P><SPAN style="background-color: #f8fafd;">- certificate authentication profile (for certificate based authentication)</SPAN></P><P></P><P><SPAN style="background-color: #f8fafd;">The error you are seeing is when a password based authentication request is received but the result of the selected identity policy is a certificate authentication profile</SPAN></P><P></P><P><SPAN style="background-color: #f8fafd;">If you want the identity policy to support both methods I think what you need to do is create an identity sequence. (<SPAN class="cuesBreadcrumbStatic">Users and Identity Stores</SPAN><SPAN style="background-color: #ffffff;"> &gt;</SPAN>Identity Store Sequences<SPAN style="background-color: #ffffff;"> &gt; </SPAN><SPAN class="cuesBreadcrumbLast">Create)</SPAN></SPAN></P><P><SPAN style="background-color: #f8fafd;"><SPAN class="cuesBreadcrumbLast">- Select "Certificate Based" option and then the Certificate Authentication Profile</SPAN></SPAN></P><P><SPAN style="background-color: #f8fafd;"><SPAN class="cuesBreadcrumbLast">- Select "Password Based" and then the identity stores to be used for authentication</SPAN></SPAN></P><P><SPAN style="background-color: #f8fafd;"><SPAN class="cuesBreadcrumbLast"></SPAN></SPAN></P><P><SPAN style="background-color: #f8fafd;"><SPAN class="cuesBreadcrumbLast">Then select the identity sequence as the result in the identity policy</SPAN></SPAN></P></BODY></HTML> Tue, 24 May 2011 16:26:41 GMT jrabinow 2011-05-24T16:26:41Z https://community.cisco.com/t5/network-access-control/acs-5-2-machine-certificate-authentication/m-p/1678567#M261307 <P>Hello,</P><P></P><P>Is there a way to authenticate a windows computer in ACS 5.2 for 802.1x only with a certificate.</P><P></P><P>The Computer is from a different active directory than the one that is configured in ACS.</P><P></P><P>I tried importing the cert into "external indentity Stores" &gt; "certificate authorities", then setup the computer to use smart card or certificate, then selected the certificate from the other AD.</P><P></P><P>when i look at the ACS log, here is the message i can see&nbsp; :</P><P></P><P><A class="active_link" href="https://172.16.66.40/avreports/servlet/GenericRedirector?command=submit&amp;__requesttype=immediate&amp;invokeSubmit=true&amp;__executableName=%2Fhome%2Facsadmin%2FFailure_Reason%2FAuthentication_Failure_Code_Lookup.rptdesign&amp;rptFailureReason=22044+Identity+policy+result+is+configured+for+certificate+based+authentication+methods+but+received+password+based&amp;__locale=en_US&amp;iportalID=TKNENRBYE&amp;__masterpage=false&amp;__newWindow=false" style="color: red; margin-top: 0pt;" target="_self">22044 Identity policy result is configured for certificate based authentication methods but received password based</A></P><P></P><P>Any idea?</P><P></P><P></P><P>Regards.</P> Mon, 11 Mar 2019 01:06:33 GMT https://community.cisco.com/t5/network-access-control/acs-5-2-machine-certificate-authentication/m-p/1678567#M261307 ThibaultMean 2019-03-11T01:06:33Z https://community.cisco.com/t5/network-access-control/acs-5-2-machine-certificate-authentication/m-p/1678568#M261319 <HTML><HEAD></HEAD><BODY><P><SPAN style="background-color: #f8fafd;">The result of an identity policy can reference results of one of the following kinds</SPAN></P><P><SPAN style="background-color: #f8fafd;">- identity store (for password based authentication)</SPAN></P><P><SPAN style="background-color: #f8fafd;">- certificate authentication profile (for certificate based authentication)</SPAN></P><P></P><P><SPAN style="background-color: #f8fafd;">The error you are seeing is when a password based authentication request is received but the result of the selected identity policy is a certificate authentication profile</SPAN></P><P></P><P><SPAN style="background-color: #f8fafd;">If you want the identity policy to support both methods I think what you need to do is create an identity sequence. (<SPAN class="cuesBreadcrumbStatic">Users and Identity Stores</SPAN><SPAN style="background-color: #ffffff;"> &gt;</SPAN>Identity Store Sequences<SPAN style="background-color: #ffffff;"> &gt; </SPAN><SPAN class="cuesBreadcrumbLast">Create)</SPAN></SPAN></P><P><SPAN style="background-color: #f8fafd;"><SPAN class="cuesBreadcrumbLast">- Select "Certificate Based" option and then the Certificate Authentication Profile</SPAN></SPAN></P><P><SPAN style="background-color: #f8fafd;"><SPAN class="cuesBreadcrumbLast">- Select "Password Based" and then the identity stores to be used for authentication</SPAN></SPAN></P><P><SPAN style="background-color: #f8fafd;"><SPAN class="cuesBreadcrumbLast"></SPAN></SPAN></P><P><SPAN style="background-color: #f8fafd;"><SPAN class="cuesBreadcrumbLast">Then select the identity sequence as the result in the identity policy</SPAN></SPAN></P></BODY></HTML> Tue, 24 May 2011 16:26:41 GMT https://community.cisco.com/t5/network-access-control/acs-5-2-machine-certificate-authentication/m-p/1678568#M261319 jrabinow 2011-05-24T16:26:41Z