Windows clients authenticate successfully with EAP-TLS machine authentication, but the Macintosh client does not.

Background: The Windows client prepends "host/" to the name on the certificate, and the Macintosh client does not.
Macintosh client, failed authentication log on ACS:
02/16/2011 07:28:53 Authen failed xyz.domain.com Default Group External user not found

Windows client:
02/17/2011 07:29:52 Authen OK host/xyz.domain.com Network-Switch

How to configure Mac OS to work using EAP-TLS

To make it work, the certificate should have:
The CN as host/computername@domainname
The SAN as DNS=computername@domainname

The two names have to be different, as shown above: the CN carries the host/ prefix and the SAN name does not.
If we just use the existing 'machine' template on the Microsoft CA server and change the CN, we will not get any SAN name at all.
--> By default, a CA that is configured on a Windows Server 2003-based computer does not issue certificates that contain the SAN extension. If SAN entries are included in the certificate request, these entries are omitted from the issued certificate.
To get the SAN attribute in the certificate, run the following commands at a command prompt on the server that runs the Certification Authority service.
Press ENTER after each command.

certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
net stop certsvc
net start certsvc
--> Then generate and import a certificate that has the correct names.
--> Set up the ACS to use the SAN name for the comparison and the “outer identity” as the username.
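
Before importing the certificate on the Mac, it helps to confirm that the CA really issued it with both names, since the SAN is silently dropped when the CA is not configured for it. The PowerShell function below is an added example, not part of the original post; the function name and file path are illustrative, and it assumes the SAN extension is displayed as "DNS Name=..." lines, as on an English-language Windows system.

```powershell
# Added example, not from the original post. The function name and the .cer path
# are illustrative. Assumption: the SAN extension is rendered as "DNS Name=<value>"
# lines, which is how an English-language Windows system formats it.
function Test-MachineCertNames {
    param([Parameter(Mandatory)][string]$Path)

    $full = (Resolve-Path -LiteralPath $Path).Path
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($full)

    # Subject CN, expected in the form host/computername@domainname
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $cn = $cert.GetNameInfo($nameType, $false)

    # SAN extension (OID 2.5.29.17); missing if the CA omitted it at issuance
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanNames = @()
    if ($sanExt) {
        $sanNames = @($sanExt.Format($true) -split "`r?`n" | ForEach-Object {
            if ($_ -match '^\s*DNS Name=(.+)$') { $Matches[1].Trim() }
        })
    }

    $problems = @()
    if ($cn -notlike 'host/*') {
        $problems += "CN '$cn' does not start with host/"
    }
    if (-not $sanExt) {
        $problems += 'Issued certificate has no SAN extension'
    }
    foreach ($name in $sanNames) {
        if ($name -like 'host/*') { $problems += "SAN '$name' carries the host/ prefix" }
    }
    if ($sanNames -contains $cn) {
        $problems += 'CN and SAN are identical; they have to differ'
    }
    if ($sanExt -and $cn -like 'host/*' -and $sanNames -notcontains $cn.Substring(5)) {
        $problems += "No SAN entry equals the CN without host/ ($($cn.Substring(5)))"
    }

    [pscustomobject]@{
        CN        = $cn
        SAN       = $sanNames
        Compliant = ($problems.Count -eq 0)
        Problems  = $problems
    }
}

# Example call: Test-MachineCertNames -Path .\machine.cer
```

With EDITF_ATTRIBUTESUBJECTALTNAME2 set, the CA accepts SAN values supplied as request attributes, so the same check is worth running on other certificates issued while that flag is enabled.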