09-24-2015 08:11 AM - edited 03-10-2019 11:05 PM
Hi
I have a client that want to use EAP-TLS authentication on his Wifi and he only wants the users in a distinct AD group to access the cooperate SSID.
I got the solution working with a PEAP authentication but with EAP-TLS it only works without the "AD Group" policy.
Any Idea on what i can do to get it to work ?
George
i found the problem, i had to adapt the "Certificate Authentication Profile " for the client AD
Solved! Go to Solution.
09-24-2015 01:01 PM
How is your dot1x configuration in your PC done ? How does the ISE log look, when it works ?
09-24-2015 09:07 AM
Does the PC have machine certificates or user certificates installed ? If the PC uses computer certificates, you can't do group lookups for the user, as the user is not known to ise.
09-24-2015 11:31 AM
Hi
I found out that the client has both certificates.
and what was strange was that the PC certificate worked but not the user cert. ...
Any ideia way ?
09-24-2015 01:01 PM
How is your dot1x configuration in your PC done ? How does the ISE log look, when it works ?
09-25-2015 02:17 AM
hi
i found the problem i had to adapt the "Certificate Authentication Profile " for the client AD
thank you very much for your help.
George
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: