Showing results for 
Search instead for 
Did you mean: 

ACS 5.5 + Radius Identity stores

Sharin Taib


I have an ACS version 5.5 setup with Radius identity stores.

Currently, my wireless users login to a captive portal that sends EAP_ASCII to my ACS which then sends the credentials over to the individual radius identity stores.

I am attempting to change the login process for my wireless users by sending EAP_PEAP with no 2nd level authentication over to my ACS.

But i keep getting an error as such

22043  Current Identity Store does not support the authentication method; Skipping it.
22056  Subject not found in the applicable identity store(s).

My vendor said that ACS version 5.5 + Radius identity stores does not support EAP_PEAP and will need to re-configure as a LDAP identity store.

I'm unable to find any documentation on this and was wondering if anyone has a setup as such which is working.


4 Replies 4

Jatin Katyal
Cisco Employee
Cisco Employee

Well it's actually opposite. LDAP doesn't support PEAP MSCHAPv2.

What identity store are you referring to?  Can you please go to Access-policies > default network access > identity. Let me know what you see there. If you have a identity sequence store selected there then go to User & identity store > Identity store sequence and edit the one you have selected for wireless authentication. I will be able to tell you why you're seeing this error.

- Jatin