06-29-2015 10:15 AM - edited 03-10-2019 10:51 PM
My topology : Wireless user -> WLC 2504 -> Cisco ACS 5.6 (Joined and Connected AD) -> Microsoft AD (2012)
I want to authenticate wireless user by using Microsoft AD and Cisco ACS 5.6.
I create MAC address of user in Microsoft AD and create identity rule by selecting "Calling-Station-ID" in "RADIUS-IETF" dictionary equal MAC Address or mac-attribute and so on.
However, ACS cannot find MAC Address in Microsoft AD that give me the error message "22056 Subject not found in the applicable identity store(s)."
I try many RADIUS-IETF attributes but I got same error message.
For more information, please see attached files.
Please help.
Thank you.
Nash
07-08-2015 10:26 AM
Anyone ever implement this method of Cisco ACS.
Please help.
Thank you.
Nash
07-24-2015 12:51 PM
Are you using a controller? I have 50K users that auth via ad on our wirless.
this is what I use:
Access Service: | Default Network Access |
Identity Store: | AD1 |
Authorization Profiles: | Mevo-auth-profile |
CTS Security Group: | |
Authentication Method: | PEAP(EAP-MSCHAPv2) |
the above was from a client that passed auth. my mevo auth profile is a simple
attribute cisco-av-pair type string attribute value static pki:cert-application=all
======================
under access policies and default network access.
I have it customized and have these fields. < see attached>
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide