06-07-2010 11:11 AM - edited 03-10-2019 05:10 PM
Hello,
I am trying to use ACS 5.1 with Active Directory and do 802.1X EAP-TLS for wired and wireless access. We need to map users to an identity group to assign VLANs, dACLs, etc., but are having an issue mapping a certificate-based user to AD attributes. When the user/machine presents a certificate, the Identity Rule matches based on cert and doesn't seem to process AD attributes like group membership. In the User Guide it states that it supports 'Certificate Retrieval for EAP-TLS Authentication' but doesn't really give any direction on how to configure it.
Thanks...
06-07-2010 12:01 PM
N/M, I forgot to include the additional attribute retrieval search list in the identity store sequence. It is working now.
08-11-2010 08:28 AM
Hey Jason,
I am trying to configure the same thing, EAP-TLS with AD.
Can you share some screenshots of "local certificate, CA authority, and Certification profile"? Does the user certificate have to be located in AD for verification?
Thanks,
Nhan
11-30-2010 11:42 AM
Could you perhaps share some of the config info - I'm trying to do just the same thing?
Many Thanks,
Guy
12-01-2010 09:02 AM
Sorry I missed your questions. Attached is a screenshot. I initially missed the lower section "Additional Attribute Retrieval Search List".