https://community.cisco.com/t5/network-access-control/acs-with-ad-with-twin-authentication/m-p/1823409#M272685 <HTML><HEAD></HEAD><BODY><P>The wording on this is a little tricky, this means for machine authentication to work (PEAP or EAP-tls) you have to allow the protocol in the rule for it to work on the ACS side. When you click the on the service selection rule for default network access, you will the different protocol boxes checked.</P><P></P><P>Hope this helps,</P><P>Tarik Admani</P></BODY></HTML> Sun, 27 Nov 2011 03:48:34 GMT Tarik Admani 2011-11-27T03:48:34Z https://community.cisco.com/t5/network-access-control/acs-with-ad-with-twin-authentication/m-p/1823406#M272680 <P>Hi Gurus</P><P></P><P>I want to integrate my ACS 5.1 with AD, My request is to check for the machine authentication first. If the machine authentication passes the client username/password should be validated and client should be put in vlan X . If the machine authentication fails, the client username/password should be validated. If the authentication passes the client should be put in vlan Y</P><P></P><P>Let me know if this is possible</P><P></P><P>Thanks</P><P>NikhiL </P> Mon, 11 Mar 2019 01:34:51 GMT https://community.cisco.com/t5/network-access-control/acs-with-ad-with-twin-authentication/m-p/1823406#M272680 nikhilcherian 2019-03-11T01:34:51Z https://community.cisco.com/t5/network-access-control/acs-with-ad-with-twin-authentication/m-p/1823407#M272681 <HTML><HEAD></HEAD><BODY><P>Nikhil,</P><P></P><P>You can setup a condition in your authorization policy and check if the machine authentication was performed and base your result off this condition.</P><P></P><P>Here is a guide that fits your questions:</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/users_id_stores.html#wp1235978">http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/users_id_stores.html#wp1235978</A></P><P></P><P>thanks,</P><P>Tarik Admani</P></BODY></HTML> Sat, 26 Nov 2011 16:51:49 GMT https://community.cisco.com/t5/network-access-control/acs-with-ad-with-twin-authentication/m-p/1823407#M272681 Tarik Admani 2011-11-26T16:51:49Z https://community.cisco.com/t5/network-access-control/acs-with-ad-with-twin-authentication/m-p/1823408#M272683 <HTML><HEAD></HEAD><BODY><P>Hi Tarik, </P><P></P><P> Thansks for the reply.</P><P></P><P>below is a line i found in the doc.</P><P></P><P style="color: #000000; font-family: Arial, Helvetica, sans-serif; font-size: 12px; margin-bottom: 7px; margin-left: 0.25in; margin-right: 0em; text-decoration: none; text-indent: -0.25in; background-color: #ffffff;"><IMG border="0" height="2" src="http://www.cisco.com/en/US/i/templates/blank.gif" width="19" />Administrator can configure whether or not MAR is enabled in the AD settings page. However for MAR to work the following limitations must be taken into account:</P><P> <A name="wp1235152" style="color: #000000; font-family: Arial, Helvetica, sans-serif; background-color: #ffffff;"></A></P><P style="color: #000000; font-family: Arial, Helvetica, sans-serif; font-size: 12px; margin-bottom: 7px; margin-left: 0.55in; margin-right: 0em; text-decoration: none; text-indent: -0.25in; background-color: #ffffff;">–<IMG border="0" height="2" src="http://www.cisco.com/en/US/i/templates/blank.gif" width="17" />Machine authentication must be enabled in the authenticating protocol settings</P><P></P><P>Does this say the authenticator should enable mac-auth </P><P></P><P>Thanks</P><P>NikhiL</P></BODY></HTML> Sat, 26 Nov 2011 17:04:43 GMT https://community.cisco.com/t5/network-access-control/acs-with-ad-with-twin-authentication/m-p/1823408#M272683 nikhilcherian 2011-11-26T17:04:43Z https://community.cisco.com/t5/network-access-control/acs-with-ad-with-twin-authentication/m-p/1823409#M272685 <HTML><HEAD></HEAD><BODY><P>The wording on this is a little tricky, this means for machine authentication to work (PEAP or EAP-tls) you have to allow the protocol in the rule for it to work on the ACS side. When you click the on the service selection rule for default network access, you will the different protocol boxes checked.</P><P></P><P>Hope this helps,</P><P>Tarik Admani</P></BODY></HTML> Sun, 27 Nov 2011 03:48:34 GMT https://community.cisco.com/t5/network-access-control/acs-with-ad-with-twin-authentication/m-p/1823409#M272685 Tarik Admani 2011-11-27T03:48:34Z