10-22-2015 07:33 AM - edited 02-21-2020 08:31 PM
I am trying to deploy the EAP chain authentication with user and machine certificate.
User credentials are ok, but the machine credentials are wrong.
NAM - Editor - Anyconnect configuration:
Machine credential:
Protected Identity Pattern: host/[username].[domain]
ISE has used the right credetials for authenticantion:
host/machine_name.domain
But during the authorization, I can see the ISE server using the wrong informations:
host/domain
anyone already faced it ?
thanks,
Murilo
10-22-2015 07:34 AM
Do you have Anyconnect attempting to establish the connection before the user logs in? If so, I believe there would be no username associated so the machine would attempt to log in with it's own machine account instead of waiting for the user login.
10-23-2015 01:04 PM
Hi Robert,
I tried to configure the machine authentication with EAP_TLS and it works.
I can see host/machinename.domain
When I tried the authentication with EAP_CHAIN (tunnel EAP Fast + Authentication EAP_TLS) it is not working properly.
1. I have the authetication success. User and Machine credetials OK
2. In the authorization, user is ok too, but the machine credential is wrong.
I expected host/machinename.domain. But the machine credentials comes as host/domain
thanks,
Murilo
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide