11-30-2010 07:51 AM - edited 02-21-2020 04:10 AM
Here's my situation. I currently have 802.1x working perfectly with Microsoft IAS, but we are wanting to use ACS 4.0 due to the fact that we also need the IP Phones to authenticate as well using EAP-TLS. I have configured ACS correctly (so I think) and my machines fail every time. Here's what I've configured in ACS so far.
Installed certificate from Root CA.
Installed Root CA certificates.
I have trusted all certificates all the way up the chain to the Root (we have multiple Root CAs as well as Intermediate CAs). The only thing I'm not sure about on this one is that the certificate for ACS is given from a different CA, but both workstation and ACS certificates' Root CA is the same.
Group Settings: IETF Radius Attributes
[006] Service-Type = Framed
Network Configuration: AAA Client is authenticating using Radius (IETF)
AAA Server Type is RADIUS (can I Cisco ACS???)
System Configuration: Global Authentication Setup - Allow EAP-TLS - Cert CN comparison
External User Database: Windows Database - Selected our Domain
Enable EAP-TLS machine authentication (host/)
Database Group Mappings: NTGroups- Have AD security group selected that host machines are in, CiscoSecureGroup Default
This is where I get a little confused. I have configured our test switch to authenticate with IAS and it works great; configure it to go to the ACS server and we get nothing. I don't even get any errors or anything sent to the logs. Where am I going wrong????
12-14-2010 06:43 AM
Hi Joshua,
Please make sure you have followed all steps as mentioned in the config guide. ACS 3.2 or 4.x, most of the things are the same as far as config is concerned.
thanks,
Vinay
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
12-14-2010 06:53 AM
Vinay,
Thanks for the response. I managed to get things working by using the SAN with the certificate instead of the CN. Our server received its cert from the Root CA where the workstations receive their certs from an Intermediate CA.