Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1183
Views
10
Helpful
2
Replies

EAP-TLS - Device vs User certificates

Go to solution
monolog99
Level 1
Level 1

‎10-21-2022 08:31 AM

Hi,

I have a Cisco ISE server authenticating our Wi-Fi users via EAP-TLS using the Local Computer / Machine certificate on the users PC. The users PC's also have Current User certificates installed as well.  I'm trying to use the user cert for authentication in order that I can then perform an AD lookup against the CN of that cert, which is the username.  However,  ISE is using the device certificate instead, where the CN of that cert is the PC name.

How do you tell ISE to use the User cert instead of the device/machine cert for EAP-TLS ?

Thanks,
Tim.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎10-21-2022 08:37 AM

@monolog99 you need to configure the supplicant on the windows computer to use "User or computer authentication"

Example: https://integratingit.wordpress.com/2019/07/13/configuring-windows-gpo-for-802-1x-authentication/

 

View solution in original post

2 Replies 2

Go to solution
Rob Ingram
VIP
VIP

‎10-21-2022 08:37 AM

@monolog99 you need to configure the supplicant on the windows computer to use "User or computer authentication"

Example: https://integratingit.wordpress.com/2019/07/13/configuring-windows-gpo-for-802-1x-authentication/

 

Go to solution
monolog99
Level 1
Level 1
In response to Rob Ingram

‎10-24-2022 02:26 AM

Many thanks Rob. Cheers. 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents