topic Ok, in this case:1. You will in Network Access Control

ACS 5.5 Radius Authentication Failure with WLC 5508 and AD 2012

Bernard Lara — Mon, 11 Mar 2019 05:45:31 GMT

Hi,

I need help on these errors.

Here is my setup: WLC 5508 7.6.130.0 -> ACS 5.5.0.46 -> AD 2012

I am getting (2) errors in ACS 5.5

12514 EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain

22044 Identity policy result is configured for certificate based authentication methods but received password based

Already installed the CA cert and local cert in ACS and also in client PC.

Please see screenshots

Can you attach some screen

nspasov — Wed, 27 May 2015 21:51:36 GMT

Can you attach some screen shots of the supplicant configurations? It looks like you have two issues:

1. Your supplicant is attempting to perform password based (most likely PEAP) based authentication while your Radius server is set to perform Certificate (EAP-TLS) based authentication

2. The authenticating client is not trusting the root CA that issued/signed the Radius certificate

Thank you for rating helpful posts!

Hi Neno, I have not created

Bernard Lara — Thu, 28 May 2015 05:58:12 GMT

Hi Neno,

I have not created any wireless profile, so from Windows 7 it is authenticating with PEAP-MSCHAPv2

Ok, in this case:1. You will

nspasov — Fri, 29 May 2015 16:27:07 GMT

Ok, in this case:

1. You will need to configure the Windows supplicant properly before this can work. You will need to define the type of authentication and the CA certificate to be trusted. If the CA certificate is not available in the list of Certificates then you will need to import it

2. If you are doing PEAP then your Identity Store should be Active Directory and not Certificate Authentication Profile. The Certificate Authentication Profile is used for certificate based (EAP-TLS) authentications.

Thank you for rating helpful posts!