Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
644
Views
0
Helpful
4
Replies

ACS 5.5 + Radius Identity stores

Sharin Taib
Beginner
Beginner

‎01-06-2016 10:45 PM - edited ‎02-21-2020 05:40 AM

Hi

I have an ACS version 5.5 setup with Radius identity stores.

Currently, my wireless users login to a captive portal that sends EAP_ASCII to my ACS which then sends the credentials over to the individual radius identity stores.

I am attempting to change the login process for my wireless users by sending EAP_PEAP with no 2nd level authentication over to my ACS.

But i keep getting an error as such

22043  Current Identity Store does not support the authentication method; Skipping it.
22056  Subject not found in the applicable identity store(s).

My vendor said that ACS version 5.5 + Radius identity stores does not support EAP_PEAP and will need to re-configure as a LDAP identity store.

I'm unable to find any documentation on this and was wondering if anyone has a setup as such which is working.

Thanks.

0 Helpful
4 Replies 4

Jatin Katyal
Cisco Employee
Cisco Employee

‎01-16-2016 01:01 PM

Well it's actually opposite. LDAP doesn't support PEAP MSCHAPv2.

What identity store are you referring to?  Can you please go to Access-policies > default network access > identity. Let me know what you see there. If you have a identity sequence store selected there then go to User & identity store > Identity store sequence and edit the one you have selected for wireless authentication. I will be able to tell you why you're seeing this error.

- Jatin

~Jatin
0 Helpful