https://community.cisco.com/t5/wireless/eap-tls-and-ms-ad-auth-problem/m-p/814617#M124163 <P>Hi, </P><P>I have a problem with an ACS to authenticate users with certificate on MS AD. </P><P></P><P>Working things: </P><P>PEAP authentication with the MS AD; </P><P>EAP-TLS authentication with the local DB. </P><P></P><P>Not working things: </P><P>EAP-TLS authentication with MS AD. </P><P></P><P>Because I'm able to auth users with PEAP on MS AD, I guess my config on MS AD is correct. </P><P>Because I'm able to auth users with certif in EAP-TLS, I guess my certif config is correct. </P><P></P><P>So, why it's not working with the combination EAP-TLS and MS AD. </P><P></P><P>I receive the error 'External DB Account Restriction' </P><P></P><P>Thanks for your help. </P><P></P><P></P><P></P> Sat, 03 Jul 2021 21:35:26 GMT philippe.denebourg 2021-07-03T21:35:26Z https://community.cisco.com/t5/wireless/eap-tls-and-ms-ad-auth-problem/m-p/814617#M124163 <P>Hi, </P><P>I have a problem with an ACS to authenticate users with certificate on MS AD. </P><P></P><P>Working things: </P><P>PEAP authentication with the MS AD; </P><P>EAP-TLS authentication with the local DB. </P><P></P><P>Not working things: </P><P>EAP-TLS authentication with MS AD. </P><P></P><P>Because I'm able to auth users with PEAP on MS AD, I guess my config on MS AD is correct. </P><P>Because I'm able to auth users with certif in EAP-TLS, I guess my certif config is correct. </P><P></P><P>So, why it's not working with the combination EAP-TLS and MS AD. </P><P></P><P>I receive the error 'External DB Account Restriction' </P><P></P><P>Thanks for your help. </P><P></P><P></P><P></P> Sat, 03 Jul 2021 21:35:26 GMT https://community.cisco.com/t5/wireless/eap-tls-and-ms-ad-auth-problem/m-p/814617#M124163 philippe.denebourg 2021-07-03T21:35:26Z https://community.cisco.com/t5/wireless/eap-tls-and-ms-ad-auth-problem/m-p/814618#M124164 <HTML><HEAD></HEAD><BODY><P>This issue is generally seens when there are multiple domains. Try out this step. Choose Network Connections from the control panel. Right-click the local area connection.Choose Properties. Double-click the TCP/IP option. Choose Advanced at the bottom. Click on DNS at the top. Choose Append these DNS suffixes. Add the FQDN for each domain that ACS authenticates against in the field. </P></BODY></HTML> Wed, 12 Sep 2007 20:22:48 GMT https://community.cisco.com/t5/wireless/eap-tls-and-ms-ad-auth-problem/m-p/814618#M124164 2007-09-12T20:22:48Z https://community.cisco.com/t5/wireless/eap-tls-and-ms-ad-auth-problem/m-p/814619#M124165 <HTML><HEAD></HEAD><BODY><P>I did this and it doesn't work beter.</P><P></P><P></P><P>Phil.</P></BODY></HTML> Thu, 13 Sep 2007 10:38:44 GMT https://community.cisco.com/t5/wireless/eap-tls-and-ms-ad-auth-problem/m-p/814619#M124165 philippe.denebourg 2007-09-13T10:38:44Z https://community.cisco.com/t5/wireless/eap-tls-and-ms-ad-auth-problem/m-p/814620#M124166 <HTML><HEAD></HEAD><BODY><P>I know this thread is old but I am very curious if you found an answer to this. I am in the exact same situation and have verified and reverified everything based on every ounce of documentation I can find. This is driving me crazy so if you found a solution I would love to hear what it was.</P><P></P><P>-Scott</P></BODY></HTML> Mon, 09 Mar 2009 20:30:52 GMT https://community.cisco.com/t5/wireless/eap-tls-and-ms-ad-auth-problem/m-p/814620#M124166 scottcraig 2009-03-09T20:30:52Z