
ISE 1.4 using EAP-TLS can't identify user in an AD Group

almeidag
Level 1

Hi,

I have a client that wants to use EAP-TLS authentication on his Wi-Fi, and he only wants the users in a distinct AD group to access the corporate SSID.

I got the solution working with PEAP authentication, but with EAP-TLS it only works without the "AD Group" policy.

Any idea on what I can do to get it to work?

 

George

 

I found the problem: I had to adapt the "Certificate Authentication Profile" for the client AD.

1 Accepted Solution

How is your dot1x configuration in your PC done? How does the ISE log look when it works?


4 Replies

jan.nielsen
Level 7

Does the PC have machine certificates or user certificates installed? If the PC uses computer certificates, you can't do group lookups for the user, as the user is not known to ISE.

Hi,

I found out that the client has both certificates.

And what was strange was that the PC certificate worked but not the user cert. ...

Any idea why?

How is your dot1x configuration in your PC done? How does the ISE log look when it works?

Hi,

I found the problem: I had to adapt the "Certificate Authentication Profile" for the client AD.

Thank you very much for your help.

 

George
