366 Views, 0 Helpful, 3 Replies
Cisco ACS 5.6 - EAP-TLS config for non-AD Linux clients and Windows clients

Jasmin Music
Level 1

Dear all,

I have a very large heterogeneous network with different clients such as Windows and Linux workstations, where the Linux machines do not participate in AD. We also have a PKI infrastructure based on a MS 2008 Certificate Authority. My question is: is it possible to authenticate Linux boxes on ACS with only EAP-TLS dot1x auth, with certificates from the CA server? I have already tried to do that, but on ACS I constantly get that the client is rejecting the ACS local certificate. The certificate is generated from the CA with the Network Authentication template. ACS is also joined to AD. The certificate for the Linux client is also generated from the same certificate template.

Thanks in advance

Regards

3 Replies

nspasov
Cisco Employee

Hello Jasmin,

Yes, you can use the same certificate authority to perform EAP-TLS for both domain-joined and non-domain-joined machines. A couple of things to check:

1. Make sure that the Linux machines have the Root CA certificate and the Intermediate CA certificate (if any) imported in the trusted certificate store.

2. Make sure that you have an authorization rule that is just for EAP-TLS and not for EAP-TLS plus an AD membership check.

I hope this helps!

Thank you for rating helpful posts!
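An added example to go with point 1 above; it is not part of the thread or of any Cisco documentation. The script builds a two-tier lab PKI with the openssl CLI (assumed installed; every name in it, such as "Example Root CA", acs.example.local and linux-host01, is made up) and then runs the check a Linux supplicant does on the ACS certificate with openssl verify: with only the root in the trusted store and no intermediate available, chain building fails, which is one way a client ends up rejecting the server certificate; with root plus intermediate trusted it verifies. It also confirms the EKU on each leaf certificate and writes a minimal wired EAP-TLS block for wpa_supplicant whose file paths are placeholders.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes the openssl CLI is installed.
# Builds a lab PKI (root -> intermediate -> ACS server cert + Linux client
# cert), then checks what point 1 above requires of the Linux trust store.
set -e

WORK=$(mktemp -d)
cd "$WORK"

# Extension files for the two CA certificates and the two leaf certificates.
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > root.ext
printf 'basicConstraints=critical,CA:TRUE,pathlen:0\nkeyUsage=critical,keyCertSign,cRLSign\n' > inter.ext
printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=serverAuth\n' > acs.ext
printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature\nextendedKeyUsage=clientAuth\n' > client.ext

# new_key_and_csr NAME SUBJECT: RSA key plus CSR, quietly.
new_key_and_csr() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "$2" \
        -keyout "$1.key" -out "$1.csr" >/dev/null 2>&1
}

# Root CA (self-signed), then an issuing CA signed by the root.
new_key_and_csr root "/CN=Example Root CA"
openssl x509 -req -in root.csr -signkey root.key -days 3650 -sha256 \
    -extfile root.ext -out root.pem >/dev/null 2>&1
new_key_and_csr inter "/CN=Example Issuing CA"
openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key -CAcreateserial \
    -days 1825 -sha256 -extfile inter.ext -out inter.pem >/dev/null 2>&1

# Leaf certificates issued by the intermediate: the ACS server and a Linux host.
new_key_and_csr acs "/CN=acs.example.local"
openssl x509 -req -in acs.csr -CA inter.pem -CAkey inter.key -CAcreateserial \
    -days 365 -sha256 -extfile acs.ext -out acs.pem >/dev/null 2>&1
new_key_and_csr client "/CN=linux-host01.example.local"
openssl x509 -req -in client.csr -CA inter.pem -CAkey inter.key -CAcreateserial \
    -days 365 -sha256 -extfile client.ext -out client.pem >/dev/null 2>&1

# What the Linux supplicant should trust: root and intermediate together.
cat root.pem inter.pem > trusted-chain.pem

# Trust store holds only the root and the intermediate is not available:
# chain building fails ("unable to get local issuer certificate"), and a
# supplicant in that state rejects the server certificate.
verify_root_only() { openssl verify -CAfile root.pem acs.pem >/dev/null 2>&1; }

# Trust store holds root + intermediate, as point 1 recommends.
verify_full_chain() { openssl verify -CAfile trusted-chain.pem acs.pem >/dev/null 2>&1; }

# A root-only trust store also works if the server sends the intermediate in
# its TLS chain (-untrusted models that). Relying on it means relying on how
# the server's certificate was imported, so shipping both CAs is safer.
verify_root_plus_sent_intermediate() {
    openssl verify -CAfile root.pem -untrusted inter.pem acs.pem >/dev/null 2>&1
}

# has_eku FILE TEXT: true if the certificate's Extended Key Usage lists TEXT.
has_eku() {
    openssl x509 -in "$1" -noout -text | grep -A1 'Extended Key Usage' | grep -q "$2"
}
acs_has_server_auth() { has_eku acs.pem 'TLS Web Server Authentication'; }
client_has_client_auth() { has_eku client.pem 'TLS Web Client Authentication'; }

# Minimal wired EAP-TLS block for wpa_supplicant; the paths are placeholders
# for wherever the files are installed on the real host.
cat > wpa_supplicant-wired.conf <<'EOF'
ctrl_interface=/var/run/wpa_supplicant
ap_scan=0
network={
    key_mgmt=IEEE8021X
    eap=TLS
    identity="linux-host01"
    ca_cert="/etc/ssl/certs/trusted-chain.pem"
    client_cert="/etc/ssl/certs/client.pem"
    private_key="/etc/ssl/private/client.key"
}
EOF

echo "lab PKI and wpa_supplicant-wired.conf written to $WORK"
```

On a real host, run the same openssl verify against the certificate ACS actually presents (wpa_supplicant -d logs the server chain during the handshake) with the ca_cert file the supplicant is configured to use; if that fails, the trust store is the problem before anything on the ACS side is.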

Thank you for your answer Neno, but I am still having problems with auth. Maybe it is a little problem with my certificates, but I will let you know. Thanks for the support.

Best regards

Jasmin

No problem. Keep us posted!
