02-04-2015 02:32 AM - edited 03-10-2019 10:24 PM
Dear all,
I have a very large heterogeneous network with different clients such as Windows and Linux workstations, where Linux machines do not participate in AD. Also we have a PKI infrastructure based on MS 2008 Certificate Authority. My question is, is it possible to authenticate Linux boxes on ACS with only EAP-TLS dot1x auth with certificates from CA server? I have already tried to do that, but on ACS I constantly get that the client is rejecting the ACS local certificate. The certificate is generated from the CA with the Network Authentication template. ACS is also joined to AD. The certificate for the Linux client is also generated from the same certificate template.
Thanks in advance
Regards
02-04-2015 06:53 PM
Hello Jasmin-
Yes, you can use the same certificate authority to perform EAP-TLS for both domain and non-domain joined machines. A couple of things to check:
1. Make sure that the Linux machines have the Root CA Certificate and the Intermediate CA Certificate (if any) imported in the trusted certificate store.
2. Make sure that you have an authorization rule that is just for EAP-TLS and not for EAP-TLS and AD membership check.
I hope this helps!
Thank you for rating helpful posts!
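
A way to check the trust-chain condition from point 1 of the answer above, as an added example that is not part of the original thread: it builds a constructed two-tier PKI with `openssl` and shows that a server certificate issued by an intermediate CA only validates when the client's CA bundle holds both the root and the intermediate. All names and file paths (`Demo Root CA`, `acs.example.test`, `bundle.pem`, and so on) are assumptions made up for the demo.

```shell
#!/usr/bin/env bash
# Added example with a constructed throwaway PKI (nothing here comes from a real deployment):
# "Demo Root CA" -> "Demo Issuing CA" -> "acs.example.test" (stand-in for the ACS EAP cert).

build_demo_pki() {   # $1 = empty working directory
  d=$1
  cat > "$d/x.cnf" <<'EOF' &&
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_srv]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
EOF
  openssl req -x509 -config "$d/x.cnf" -extensions v3_ca -newkey rsa:2048 -nodes -days 2 \
      -subj "/CN=Demo Root CA" -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null &&
  openssl req -new -config "$d/x.cnf" -newkey rsa:2048 -nodes \
      -subj "/CN=Demo Issuing CA" -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -CAcreateserial \
      -days 2 -extfile "$d/x.cnf" -extensions v3_ca -out "$d/int.pem" 2>/dev/null &&
  openssl req -new -config "$d/x.cnf" -newkey rsa:2048 -nodes \
      -subj "/CN=acs.example.test" -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/srv.csr" -CA "$d/int.pem" -CAkey "$d/int.key" -CAcreateserial \
      -days 2 -extfile "$d/x.cnf" -extensions v3_srv -out "$d/srv.pem" 2>/dev/null
}

# $1 = CA bundle the supplicant is configured to trust, $2 = RADIUS server certificate.
# Succeeds only if the server certificate chains to a certificate in the bundle.
chain_ok() {
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Demo run: root-only trust versus root + intermediate trust.
work=$(mktemp -d) && build_demo_pki "$work" && {
  cat "$work/root.pem" "$work/int.pem" > "$work/bundle.pem"
  for ca in root.pem bundle.pem; do
    if chain_ok "$work/$ca" "$work/srv.pem"; then echo "$ca: server cert accepted"
    else echo "$ca: server cert rejected"; fi
  done
  rm -rf "$work"
}
```

On a real client, run the same `openssl verify -CAfile` check against the CA file the supplicant is configured to trust and a copy of the server's EAP certificate.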
02-11-2015 07:26 AM
Thank you for your answer Neno, but I am still having problems with auth. Maybe there is a little problem with my certificates, but I will let you know. Thanks for the support.
Best regards
Jasmin
02-11-2015 03:50 PM
No problem. Keep us posted!
Thank you for rating helpful posts!