https://community.cisco.com/t5/network-access-control/eap-tls-machine-authentication-with-ldaps/m-p/5087486#M589209 <P>Hello,</P> <P>We want to use ldaps for communication with AD. Is it possible to use ldaps for machine authentication with EAP-TLS?</P> <P>Regards,</P> Thu, 02 May 2024 11:02:52 GMT zacakg 2024-05-02T11:02:52Z https://community.cisco.com/t5/network-access-control/eap-tls-machine-authentication-with-ldaps/m-p/5087486#M589209 <P>Hello,</P> <P>We want to use ldaps for communication with AD. Is it possible to use ldaps for machine authentication with EAP-TLS?</P> <P>Regards,</P> Thu, 02 May 2024 11:02:52 GMT https://community.cisco.com/t5/network-access-control/eap-tls-machine-authentication-with-ldaps/m-p/5087486#M589209 zacakg 2024-05-02T11:02:52Z https://community.cisco.com/t5/network-access-control/eap-tls-machine-authentication-with-ldaps/m-p/5087555#M589211 <P>i do not see any reason its not going to work.</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/216190-configure-and-troubleshoot-ise-with-exte.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/216190-configure-and-troubleshoot-ise-with-exte.html</A></P> Thu, 02 May 2024 11:46:44 GMT https://community.cisco.com/t5/network-access-control/eap-tls-machine-authentication-with-ldaps/m-p/5087555#M589211 balaji.bandi 2024-05-02T11:46:44Z https://community.cisco.com/t5/network-access-control/eap-tls-machine-authentication-with-ldaps/m-p/5111841#M589522 <P>Hello,</P> <P>The document indicates that machine authentication is not possible with ldap.</P> <P><STRONG>Note</STRONG><SPAN>: LDAP Identity Source on ISE is used only for User authentication.</SPAN></P> <P><SPAN>Regards,</SPAN></P> <P>&nbsp;</P> Tue, 21 May 2024 11:01:16 GMT https://community.cisco.com/t5/network-access-control/eap-tls-machine-authentication-with-ldaps/m-p/5111841#M589522 zacakg 2024-05-21T11:01:16Z https://community.cisco.com/t5/network-access-control/eap-tls-machine-authentication-with-ldaps/m-p/5112806#M589545 <P>i have re-read your OP&nbsp;</P> <P><SPAN>&nbsp;ldaps for communication with AD</SPAN></P> <P><SPAN>can you explain this more to understand better. (as i was in impression you using ISE and Externals source as X)</SPAN></P> <P><SPAN>or you looking to integrade directly with LDAPs?</SPAN></P> <P>&nbsp;</P> Wed, 22 May 2024 06:24:15 GMT https://community.cisco.com/t5/network-access-control/eap-tls-machine-authentication-with-ldaps/m-p/5112806#M589545 balaji.bandi 2024-05-22T06:24:15Z https://community.cisco.com/t5/network-access-control/eap-tls-machine-authentication-with-ldaps/m-p/5114269#M589583 <P>Hi Balaji,</P> <P>We are trying to add an ldaps external identity source. And we want to authenticate devices with eap-tls(machine authentication). Is it possible to authenticate clients with eap-tls via ldaps server?</P> <P>Regards,</P> Thu, 23 May 2024 11:28:45 GMT https://community.cisco.com/t5/network-access-control/eap-tls-machine-authentication-with-ldaps/m-p/5114269#M589583 zacakg 2024-05-23T11:28:45Z https://community.cisco.com/t5/network-access-control/eap-tls-machine-authentication-with-ldaps/m-p/5115071#M589593 <P>Now we go more deep here, what WLC controller and what code running - then check the WLC admin guide is that supported ?</P> <P>may help if you using WLC 9800 :</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/216744-configuring-catalyst-9800-wlc-with-ldap.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/216744-configuring-catalyst-9800-wlc-with-ldap.html</A></P> <P>&nbsp;</P> Thu, 23 May 2024 19:09:45 GMT https://community.cisco.com/t5/network-access-control/eap-tls-machine-authentication-with-ldaps/m-p/5115071#M589593 balaji.bandi 2024-05-23T19:09:45Z https://community.cisco.com/t5/network-access-control/eap-tls-machine-authentication-with-ldaps/m-p/5115097#M589596 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1378350">@zacakg</a> if you are just performing EAP-TLS authentication, that is between the client and ISE.</P> <P>Lookup to an external identity source is optional. You would need to configure a Certificate Authentication Profile (CAP) and select the Identity Store and choose an option for <SPAN class="ph uicontrol">Match Client Certificate Against Certificate In Identity Store</SPAN>. &nbsp; <A href="https://www.cisco.com/c/en/us/td/docs/security/ise/3-1/admin_guide/b_ise_admin_3_1/b_ISE_admin_31_asset_visibility.html?bookSearch=true#ID425" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/ise/3-1/admin_guide/b_ise_admin_3_1/b_ISE_admin_31_asset_visibility.html?bookSearch=true#ID425</A></P> <P>Reference the CAP in the AuthC rules.</P> <P>&nbsp;</P> Thu, 23 May 2024 19:38:17 GMT https://community.cisco.com/t5/network-access-control/eap-tls-machine-authentication-with-ldaps/m-p/5115097#M589596 Rob Ingram 2024-05-23T19:38:17Z