Hello together,
I have a wireless deployment with WLC 5508, ACS 5.2 and several ADs connected by LDAP. It is required that users are authenticated by certificates; additionally, the user should only get access to the wireless environment when the user is found in a certain security group in the Microsoft AD forest.
The certificate-based authentication is working without any problems, except that the lookup into the AD isn't working. Here are the details of the "Evaluating Identity Policy" step:
Evaluating Identity Policy
15004 Matched rule
22037 Authentication Passed
22023 Proceed to attribute retrieval
24031 Sending request to primary LDAP server
24016 Looking up user in LDAP Server - Alex Dersch
24008 User not found in LDAP Server
22015 Identity sequence continues to the next IDStore
24209 Looking up Host in Internal Hosts IDStore - Alex Dersch
24217 The host is not found in the internal hosts identity store.
22016 Identity sequence completed iterating the IDStores
But the user can access the WLAN, just without verifying the user in the AD.
I tried to enable Binary Comparison, but then the authentication is not working any more. I get the same Identity Policy result as above.
I configured the Binary Comparison as below:
I thought that with the binary comparison I'd be able to verify the existence and the status of a user in the Active Directory. Am I wrong?
regards
alex