How can I create an authentication rule in Cisco ACS 5.6 to find a MAC address in Microsoft Active Directory

My topology : Wireless user -> WLC 2504 -> Cisco ACS 5.6 (Joined and Connected AD) -> Microsoft AD (2012)

I want to authenticate wireless users by using Microsoft AD and Cisco ACS 5.6.

I created the MAC address of the user in Microsoft AD and created an identity rule by selecting "Calling-Station-ID" in the "RADIUS-IETF" dictionary equal to MAC Address or mac-attribute and so on.

However, ACS cannot find the MAC address in Microsoft AD and gives me the error message "22056 Subject not found in the applicable identity store(s)."

I tried many RADIUS-IETF attributes but I got the same error message.

 

For more information, please see attached files.

 

Please help.

 

Thank you.

Nash


Has anyone ever implemented this method of Cisco ACS?

 

Please help.

 

Thank you.

Nash


Are you using a controller? I have 50K users that auth via AD on our wireless.

 

This is what I use:

Access Service: Default Network Access
Identity Store: AD1
Authorization Profiles: Mevo-auth-profile
CTS Security Group:
Authentication Method: PEAP(EAP-MSCHAPv2)

 

The above was from a client that passed auth. My Mevo auth profile is a simple

attribute cisco-av-pair, type string, attribute value static pki:cert-application=all

======================

Under Access Policies and Default Network Access, I have it customized and have these fields. <see attached>