cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1504
Views
5
Helpful
4
Replies

ACS 5.1 Active Directory EAP-TLS

Jason Granat
Level 5
Level 5

Hello,

I am trying to use ACS 5.1 with Active Directory and do 802.1X EAP-TLS for wired and wireless access. We need to map users to an identity group to assign VLANs, dACLs, etc., but having an issue mapping a certificate based user to AD attributes. When the user/machine presents a certificate the Identity Rule matches based on cert and doesn't seem to process AD attributes like group membership. In the User Guide it states that it supports 'Certificate Retrieval for EAP-TLS Authentication' but doesn't really give any direction on how to configure.

Thanks...

4 Replies 4

Jason Granat
Level 5
Level 5

N/M, I forgot to include the additional attribute retrieval search list in the identity store
sequence It is working now.

hey Jason,

I am trying to configure the samething EAP-TLS with AD.

Can you share some screenshoot of "local certificate,  CA authority, and Certification profile?  Does the user certificate have to locate in AD for verify?

Thanks,

Nhan

g.raymakers
Level 1
Level 1

Could you perhaps share some of the config info - I'm trying to do just the same thing?

Many Thanks,

Guy

Sorry I missed your questions. Attaches is a screenshot. I initially missed the lower section "Additional Attribute Retrival Search List"

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: