How can I create an authentication rule in Cisco ACS 5.6 to find a MAC address in Microsoft Active Directory?

Nashja
Level 1

My topology: Wireless user -> WLC 2504 -> Cisco ACS 5.6 (Joined and Connected AD) -> Microsoft AD (2012)

I want to authenticate wireless users by using Microsoft AD and Cisco ACS 5.6.

I created the MAC address of the user in Microsoft AD and created an identity rule by selecting "Calling-Station-ID" in the "RADIUS-IETF" dictionary equal to MAC Address or mac-attribute and so on.

However, ACS cannot find the MAC address in Microsoft AD, which gives me the error message "22056 Subject not found in the applicable identity store(s)."

I tried many RADIUS-IETF attributes but I got the same error message.

For more information, please see attached files.

Please help.

Thank you.

Nash

2 Replies

Nashja
Level 1

Has anyone ever implemented this method of Cisco ACS?

Please help.

Thank you.

Nash

debaker
Level 1

Are you using a controller? I have 50K users that auth via AD on our wireless.

This is what I use:

Access Service: Default Network Access
Identity Store: AD1
Authorization Profiles: Mevo-auth-profile
CTS Security Group:
Authentication Method: PEAP(EAP-MSCHAPv2)

The above was from a client that passed auth. My mevo auth profile is a simple

attribute cisco-av-pair  type string   attribute value static pki:cert-application=all

======================

Under access policies and default network access.

I have it customized and have these fields. <see attached>
