06-10-2008 04:25 AM - edited 03-10-2019 03:53 PM
Hi,
I am trying to set up wired machine-based authentication. I have followed this guide
However I simply get the same error all the time on ACS.
Invalid message authenticator in EAP request
Switch config:
interface GigabitEthernet0/46
 switchport access vlan 20
 switchport mode access
 media-type rj45
 dot1x pae authenticator
 dot1x port-control auto
 dot1x reauthentication
 dot1x guest-vlan 20
I am trying to set up group matching to perform VLAN assignment; however, I am just entering under the unknown user policy at the min with no VLAN assignment set up.
Can anyone shed any light on this? All I want to do is authenticate a machine via certificates and issue a VLAN ID based on the machine name and AD group matching. No user authentication; this can be done via the PDC.
Purely using machine auth.
Cheers
Scott
06-10-2008 04:43 AM
Scott,
I recommend changing/retyping the shared secret on the switch as well as on the ACS server for the AAA Client and AAA server.
Regards,
~JG
Do rate helpful posts
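The error in the first post is what a RADIUS server reports when the Message-Authenticator attribute on an EAP request does not verify, and that attribute is an HMAC-MD5 over the packet keyed with the shared secret (RFC 3579). The following is an added example, not part of the thread and not Cisco code: it signs a constructed Access-Request as the switch would and verifies it as the server would; the secret, machine name and function names are made up for illustration.

```python
import hmac, hashlib, os, struct

MSG_AUTH = 80  # RADIUS attribute type: Message-Authenticator (RFC 3579)

def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as type, length, value."""
    return bytes([attr_type, len(value) + 2]) + value

def build_access_request(secret: bytes, ident: int, attrs: bytes) -> bytes:
    """Build an Access-Request and sign it the way a NAS (the switch) does."""
    req_auth = os.urandom(16)
    body = attrs + attr(MSG_AUTH, bytes(16))       # placeholder: 16 zero bytes
    header = struct.pack("!BBH", 1, ident, 20 + len(body)) + req_auth
    mac = hmac.new(secret, header + body, hashlib.md5).digest()
    return header + attrs + attr(MSG_AUTH, mac)

def verify_message_authenticator(secret: bytes, packet: bytes) -> bool:
    """Recompute the HMAC-MD5 with the server's copy of the secret and compare."""
    length = struct.unpack("!H", packet[2:4])[0]
    pos = 20
    while pos + 2 <= length:
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            return False                           # malformed attribute
        if a_type == MSG_AUTH and a_len == 18:
            received = packet[pos + 2:pos + 18]
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:length]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(received, expected)
        pos += a_len
    return False                                   # attribute missing

# Constructed sample: EAP-Response/Identity for a machine account.
identity = b"host/pc01.example.local"
eap = struct.pack("!BBHB", 2, 1, 5 + len(identity), 1) + identity
SAMPLE_ATTRS = attr(1, identity) + attr(79, eap)   # User-Name, EAP-Message
SWITCH_SECRET = b"Sw1tchS3cret"                    # constructed value
PACKET = build_access_request(SWITCH_SECRET, 7, SAMPLE_ATTRS)

if __name__ == "__main__":
    print("same secret:   ", verify_message_authenticator(b"Sw1tchS3cret", PACKET))
    print("trailing space:", verify_message_authenticator(b"Sw1tchS3cret ", PACKET))
```

A secret that differs by a single character, including stray whitespace picked up when pasting, fails the check, which is why retyping it on both the switch and the server is the first thing to try.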
06-10-2008 04:57 AM
Tried that, also checked it with them different and I get nothing in the logs. Hence communication seems fine from switch to ACS???
Cheers
Scott
06-10-2008 06:28 AM
Ok!!
Checked that again and yes that stopped the message ;)
Now I am getting an external DB authentication failure; however, I don't see anything in AD event viewer??
Thanks
Scott
06-10-2008 06:35 AM
Scott,
Check unknown user policy settings and make sure you have proper permission for the account running ACS services.
Regards,
~JG
Do rate helpful posts
06-11-2008 01:43 AM
Hi Guys,
The plot thickens, I can authenticate via user 802.1x and I can also authenticate the machine against my existing 4.1 ACS server however when using the new server 4.2 I get the external DB authentication failure??
Thanks for your help.
Scott
06-11-2008 01:44 AM
PS all the settings are identical, also the fact I can auth via user credentials proves the AD interop.
Cheers
Scott
06-11-2008 04:55 AM
Check the unknown user policy settings and permission issue. Check out the auth.log; that will show more details about the issue.
Regards.
~JG
06-11-2008 06:42 AM
Hi Mate,
I have now done a fresh install of 4.1 and I can confirm that 4.1 works fine, so it would definitely indicate a 4.2 issue.
I will check the auth.log to get more details.
Thanks
scott