05-18-2010 01:41 AM - edited 03-10-2019 05:08 PM
Hi, I'm working on a new network implementation where the customer has ACS SE and wants to use AD for machine based authentication of wired 802.1x clients.
As the support for 2008 R2 server (64-bit OS used here) using remote agent is not yet released, they are attempting to set this up using an LDAP connection. The final goal is to use certificate-based authentication, and I have had a message indicating this authentication type may not work due to an issue with binary comparison, so we started with basic username/password accounts first.
So far the ACS is populating its external user database fields with the domains setup on AD, but user authentication is failing.
Briefly, we started with basic username/password using MD5-CHAP on XP to an account configured on ACS, and that worked fine. Then we set up the external user database to use an LDAP connection to AD, and an unknown user policy; this doesn't work. It looks like the issue could be to do with the LDAP attributes not being set correctly.
Has anyone used LDAP as an authentication mechanism against 2008 R2 based AD and got it working?
05-18-2010 02:13 AM
To update this, the ACS is reporting the following error in the failed attempts report:
"Authentication type not supported by External DB"
The machine name is seen in the same log entry, so the assumption is made that at least this request is being forwarded to AD, but AD isn't listening.
05-18-2010 02:58 AM
Aacole,
The above error message says that your external database, which is LDAP, doesn't support EAP-MD5, and that is quite true.
You may check the below-listed link for protocol and database compatibility.
Since you are using LDAP, it only supports EAP-GTC.
Do let me know if you need any further suggestions.
Regds,
JK
Do rate helpful posts-
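The reason behind JK's answer is worth seeing in code: an EAP-MD5 (CHAP) response is MD5(Identifier || Secret || Challenge), so whoever verifies it must be able to read the cleartext secret, which ACS can do for its internal user database but not for an LDAP directory, whose only primitive is "does this password bind?". EAP-GTC hands the password to the server, so a simple bind is enough. The following is an added illustration, not code from the thread, from Cisco ACS or from Windows AD: the two backends, the user list, the challenge bytes and the `authenticate` dispatcher are constructed models, and the only string taken from the page is the ACS failed-attempts message.

```python
import hashlib
import hmac

# Constructed sample credential store: username -> cleartext password.
USERS = {b"host/ws01": b"S3cret-Pass"}

# ACS failed-attempts message quoted in the thread.
NOT_SUPPORTED = "Authentication type not supported by External DB"


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """EAP-MD5 / CHAP response value: MD5(Identifier || Secret || Challenge) (RFC 1994 s.4.1)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class InternalDb:
    """Models a backend that stores the secret and can read it back (the ACS internal user DB)."""

    def __init__(self, users):
        self._users = dict(users)

    def verify_eap_md5(self, user, identifier, challenge, response):
        # With the cleartext secret in hand we can recompute the CHAP response and compare it.
        secret = self._users.get(user)
        if secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)

    def verify_eap_gtc(self, user, password):
        secret = self._users.get(user)
        return secret is not None and hmac.compare_digest(secret, password)


class LdapBindDb:
    """Models an LDAP directory used as an external DB: the only primitive is a simple bind."""

    def __init__(self, users):
        self._users = dict(users)  # the directory keeps this; the caller never sees it

    def simple_bind(self, user, password):
        # The directory answers yes/no; it never discloses the stored secret.
        secret = self._users.get(user)
        return secret is not None and hmac.compare_digest(secret, password)

    def verify_eap_gtc(self, user, password):
        # GTC delivers the cleartext password to the server, so a bind attempt is sufficient.
        return self.simple_bind(user, password)

    # Deliberately no verify_eap_md5: the CHAP response cannot be reproduced without the
    # cleartext secret, and a bind-only directory never hands that back.


def authenticate(backend, method, user, **credentials):
    """Dispatch an EAP method to a backend; returns "pass", "fail" or the ACS not-supported message."""
    handler = getattr(backend, "verify_" + method.lower().replace("-", "_"), None)
    if handler is None:
        return NOT_SUPPORTED
    return "pass" if handler(user, **credentials) else "fail"


if __name__ == "__main__":
    challenge = bytes(range(16))  # constructed; a real server draws this at random
    resp = chap_response(7, USERS[b"host/ws01"], challenge)
    md5_args = dict(identifier=7, challenge=challenge, response=resp)
    print("internal DB, EAP-MD5:", authenticate(InternalDb(USERS), "eap-md5", b"host/ws01", **md5_args))
    print("LDAP DB, EAP-MD5:    ", authenticate(LdapBindDb(USERS), "eap-md5", b"host/ws01", **md5_args))
    print("LDAP DB, EAP-GTC:    ", authenticate(LdapBindDb(USERS), "eap-gtc", b"host/ws01", password=b"S3cret-Pass"))
```

Run as a script, the internal DB passes EAP-MD5, the LDAP model returns the same not-supported message the thread reports, and EAP-GTC succeeds against the LDAP model through a plain bind.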