cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3863
Views
0
Helpful
1
Replies

ACS 5.2 - Machine certificate authentication

ThibaultMean
Level 1
Level 1

Hello,

Is there a way to authenticate a windows computer in ACS 5.2 for 802.1x only with a certificate.

The Computer is from a different active directory than the one that is configured in ACS.

I tried importing the cert into "external indentity Stores" > "certificate authorities", then setup the computer to use smart card or certificate, then selected the certificate from the other AD.

when i look at the ACS log, here is the message i can see  :

22044 Identity policy result is configured for certificate based authentication methods but received password based

Any idea?

Regards.

1 Reply 1

jrabinow
Level 7
Level 7

The result of an identity policy can reference results of one of the following kinds

- identity store (for password based authentication)

- certificate authentication profile (for certificate based authentication)

The error you are seeing is when a password based authentication request is received but the result of the selected identity policy is a certificate authentication profile

If you want the identity policy to support both methods I think what you need to do is create an identity sequence. (Users and Identity Stores >Identity Store Sequences > Create)

- Select "Certificate Based" option and then the Certificate Authentication Profile

- Select "Password Based" and then the identity stores to be used for authentication

Then select the identity sequence as the result in the identity policy

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: