Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
652
Views
0
Helpful
6
Replies

EAP-TLS machine authentication with ldaps

zacakg
Level 1
Level 1

‎05-02-2024 04:02 AM

Hello,

We want to use ldaps for communication with AD. Is it possible to use ldaps for machine authentication with EAP-TLS?

Regards,

0 Helpful
6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

‎05-02-2024 04:46 AM

i do not see any reason its not going to work.

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/216190-configure-and-troubleshoot-ise-with-exte.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

zacakg
Level 1
Level 1

‎05-21-2024 04:01 AM

Hello,

The document indicates that machine authentication is not possible with ldap.

Note: LDAP Identity Source on ISE is used only for User authentication.

Regards,

 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to zacakg

‎05-21-2024 11:24 PM

i have re-read your OP 

 ldaps for communication with AD

can you explain this more to understand better. (as i was in impression you using ISE and Externals source as X)

or you looking to integrade directly with LDAPs?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

zacakg
Level 1
Level 1

‎05-23-2024 04:28 AM - edited ‎05-23-2024 04:28 AM

Hi Balaji,

We are trying to add an ldaps external identity source. And we want to authenticate devices with eap-tls(machine authentication). Is it possible to authenticate clients with eap-tls via ldaps server?

Regards,

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to zacakg

‎05-23-2024 12:09 PM

Now we go more deep here, what WLC controller and what code running - then check the WLC admin guide is that supported ?

may help if you using WLC 9800 :

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/216744-configuring-catalyst-9800-wlc-with-ldap.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Rob Ingram
VIP
VIP
In response to zacakg

‎05-23-2024 12:38 PM

@zacakg if you are just performing EAP-TLS authentication, that is between the client and ISE.

Lookup to an external identity source is optional. You would need to configure a Certificate Authentication Profile (CAP) and select the Identity Store and choose an option for Match Client Certificate Against Certificate In Identity Store.   https://www.cisco.com/c/en/us/td/docs/security/ise/3-1/admin_guide/b_ise_admin_3_1/b_ISE_admin_31_asset_visibility.html?bookSearch=true#ID425

Reference the CAP in the AuthC rules.

 

0 Helpful
Customers Also Viewed These Support Documents