
ACS 5.3 with realm

Mike Lehmann
Level 1

Our situation is the following:

We have an ACS 5.3 which holds the user DB for our WLAN. Access-Requests come either from internal access points or are proxied from an external RADIUS (eduroam).

In these proxied requests the username contains a realm (@company.com).

Now ACS seems not to be able to strip the realm from the inner identity, so the user cannot be found in the DB.

I tried it with PEAP-MSCHAPv2.

Is it generally possible for ACS to treat usernames with realm?

Do I have to enter the usernames with realm in the internal user DB?

What EAP method is the best for this?

I read that EAP-TTLS can use the outer identity just for routing and the inner identity for authentication (my idea was outer=anonymous@company.com and inner=<username_without_realm>), but ACS rejects the request with:

"11512 Extracted EAP-Response/NAK packet requesting to use unsupported EAP protocol; EAP-negotiation failed"

Does ACS 5.3 support EAP-TTLS? (The documentation is not quite clear on this point: first they mention EAP-TTLS, later just EAP-TLS.)

I'm getting more and more confused.

I would be glad if someone could help.
