cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
437
Views
0
Helpful
4
Replies

ISE 1.4 using EAP-TLS can´t identify user in a AD Group

almeidag
Level 1
Level 1

Hi 

I have a client that want to use EAP-TLS authentication on his Wifi and he only wants the users in a distinct  AD group to access the cooperate SSID.

I got the solution working with a PEAP authentication  but with EAP-TLS  it only works without the "AD Group" policy.

 

Any Idea on what i can do to get it to work ?

 

George

 

i found the problem, i had to adapt the "Certificate Authentication Profile " for the client AD

1 Accepted Solution

Accepted Solutions

How is your dot1x configuration in your PC done ? How does the ISE log look, when it works ?

View solution in original post

4 Replies 4

jan.nielsen
Level 7
Level 7

Does the PC have machine certificates or user certificates installed ? If the PC uses computer certificates, you can't do group lookups for the user, as the user is not known to ise.

Hi 

I found out that the client has both certificates.

and what was strange was that the PC certificate worked but not the user cert. ...

Any ideia way ?

How is your dot1x configuration in your PC done ? How does the ISE log look, when it works ?

hi 

i found the problem i had to adapt the "Certificate Authentication Profile " for the client AD

thank you very much for your help.

 

George