
ACS5.5 + WLC User-certificate and AD Integration Domain Stripping is it available?

Andrew Grech
Level 1

Hi,


I am in the process of writing a change document for ACS5.5 so I can authenticate wireless users with a user client authentication certificate and check Active Directory for group memberships. Currently the Common Name for client authentication certificates is as follows.

DomainName\UserName, for example AcmeCorporation\Joe.Blogs

Does this common name need to be stripped or manipulated for the active directory lookup to succeed? 

Many Thanks


Andrew

1 Reply

Andrew Grech
Level 1

I found the following for ACS 5.8

Hopefully it is the same in 5.5

http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-8/ACS-ADIntegration/guide/Active_Directory_Integration_in_ACS_5-8.html

Supported Username Formats 

The following are the supported username types:

SAM, for example: jdoe

NetBIOS prefixed SAM, for example: ACME\jdoe

UPN, for example: jdoe@acme.com

Alt UPN, for example: john.doe@acme.co.uk

Subtree, for example: johndoe@finance.acme.com

SAM machine, for example: laptop$

NetBIOS prefixed machine, for example: ACME\laptop$

FQDN DNS machine, for example: host/laptop.acme.com

Hostname only machine, for example: host/laptop

Should be good to go

I'll be using NetBIOS prefixed SAM, for example: ACME\jdoe
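
As an added example (not part of the posts above and not Cisco's code), the following sketch checks which of the listed username shapes a certificate Common Name matches before it is used in a change document. The function name, the `ad_domain` and `alt_upn_suffixes` parameters, and the way a suffix is mapped to UPN, Alt UPN or Subtree are assumptions based only on the sample values in the list; it checks the string's shape and says nothing about how ACS resolves the name.

```python
# Added example: a shape check only, not ACS's own resolution logic.
# ad_domain / alt_upn_suffixes are assumed values taken from the sample names in the list.

def classify_identity(identity, ad_domain="acme.com", alt_upn_suffixes=("acme.co.uk",)):
    """Return the listed username type that `identity` matches, or None."""
    s = identity.strip()
    if not s:
        return None
    if "\\" in s:
        # PREFIX\name: exactly one backslash, both sides non-empty, no '@'
        prefix, _, name = s.partition("\\")
        if not prefix or not name or "\\" in name or "@" in s:
            return None
        return "NetBIOS prefixed machine" if name.endswith("$") else "NetBIOS prefixed SAM"
    if s.lower().startswith("host/"):
        host = s[5:]
        if not host or "/" in host or "@" in host:
            return None
        return "FQDN DNS machine" if "." in host else "Hostname only machine"
    if "@" in s:
        user, _, suffix = s.partition("@")
        suffix = suffix.lower()
        if not user or not suffix or "@" in suffix:
            return None
        if suffix == ad_domain:
            return "UPN"
        if suffix.endswith("." + ad_domain):  # assumed reading of "Subtree"
            return "Subtree"
        if suffix in alt_upn_suffixes:
            return "Alt UPN"
        return None  # suffix not known to this check
    return "SAM machine" if s.endswith("$") else "SAM"

# Sample values from the thread, plus constructed malformed inputs.
SAMPLES = ["jdoe", "ACME\\jdoe", "jdoe@acme.com", "john.doe@acme.co.uk",
           "johndoe@finance.acme.com", "laptop$", "ACME\\laptop$",
           "host/laptop.acme.com", "host/laptop",
           "AcmeCorporation\\Joe.Blogs", "ACME\\\\jdoe", "jdoe@example.org"]

def classify_all(values=SAMPLES):
    return {v: classify_identity(v) for v in values}

if __name__ == "__main__":
    for value, kind in classify_all().items():
        print(f"{value!r:32} -> {kind}")
```

The check cannot tell whether the prefix in `AcmeCorporation\Joe.Blogs` is the domain's actual NetBIOS name; it only confirms the value has the prefixed-SAM shape.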