
CISCO ACS 5.1

Hi

I am trying to set up machine-only authentication for my clients using EAP-TLS. I am using ACS 5.1 and Windows AD.

The certificates are installed on both the ACS and the client, but the client is not getting authenticated. Please see the attached file with the detailed error message.

I would be very grateful for any help.

The Log

11001  Received RADIUS Access-Request
11017  RADIUS created a new session
Evaluating Service Selection Policy
15004  Matched rule
15012  Selected Access Service - WLAN Access Policy
11507  Extracted EAP-Response/Identity
12500  Prepared EAP-Request proposing EAP-TLS with challenge
11006  Returned RADIUS Access-Challenge
11001  Received RADIUS Access-Request
11018  RADIUS is re-using an existing session
12502  Extracted EAP-Response containing EAP-TLS challenge-response and accepting EAP-TLS as negotiated
12800  Extracted first TLS record; TLS handshake started.
12805  Extracted TLS ClientHello message.
12806  Prepared TLS ServerHello message.
12807  Prepared TLS Certificate message.
12809  Prepared TLS CertificateRequest message.
12505  Prepared EAP-Request with another EAP-TLS challenge
11006  Returned RADIUS Access-Challenge
11001  Received RADIUS Access-Request
11018  RADIUS is re-using an existing session
12504  Extracted EAP-Response containing EAP-TLS challenge-response
12505  Prepared EAP-Request with another EAP-TLS challenge
11006  Returned RADIUS Access-Challenge
11001  Received RADIUS Access-Request
11018  RADIUS is re-using an existing session
12504  Extracted EAP-Response containing EAP-TLS challenge-response
12505  Prepared EAP-Request with another EAP-TLS challenge
11006  Returned RADIUS Access-Challenge
11001  Received RADIUS Access-Request
11018  RADIUS is re-using an existing session
12504  Extracted EAP-Response containing EAP-TLS challenge-response
11514  Unexpectedly received empty TLS message; treating as a rejection by the client
12512  Treat the unexpected TLS acknowledge message as a rejection from the client
11504  Prepared EAP-Failure
11003  Returned RADIUS Access-Reject



Regards
Kiran
Error-Message.doc
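
One way to read a step log like the one above, as an added example that is not part of the original post or of any Cisco tooling: it splits the steps into RADIUS round trips, lists the TLS messages the server had prepared, and reports the first step the log itself labels a rejection. The function names `parse_steps` and `summarize` are hypothetical, and the embedded log is an abridged copy of the one in the post.

```python
import re

# Abridged copy of the post's step log; the two repeated 12504/12505 round trips are left out.
SAMPLE_LOG = """\
11001  Received RADIUS Access-Request
11018  RADIUS is re-using an existing session
12502  Extracted EAP-Response containing EAP-TLS challenge-response and accepting EAP-TLS as negotiated
12800  Extracted first TLS record; TLS handshake started.
12805  Extracted TLS ClientHello message.
12806  Prepared TLS ServerHello message.
12807  Prepared TLS Certificate message.
12809  Prepared TLS CertificateRequest message.
12505  Prepared EAP-Request with another EAP-TLS challenge
11006  Returned RADIUS Access-Challenge
11001  Received RADIUS Access-Request
11018  RADIUS is re-using an existing session
12504  Extracted EAP-Response containing EAP-TLS challenge-response
11514  Unexpectedly received empty TLS message; treating as a rejection by the client
12512  Treat the unexpected TLS acknowledge message as a rejection from the client
11504  Prepared EAP-Failure
11003  Returned RADIUS Access-Reject
"""

STEP = re.compile(r"^\s*(\d{5})\s+(.+?)\s*$")

def parse_steps(text):
    """Return (code, message) pairs; lines without a 5-digit step code are skipped."""
    return [m.groups() for m in map(STEP.match, text.splitlines()) if m]

def summarize(text):
    """Group steps into RADIUS round trips and locate the first rejection step."""
    trips = []
    for code, msg in parse_steps(text):
        if code == "11001" or not trips:  # each Access-Request opens a round trip
            trips.append([])
        trips[-1].append((code, msg))
    flat = [step for trip in trips for step in trip]
    reject = next((s for s in flat if "rejection" in s[1].lower()), None)
    return {
        "round_trips": len(trips),
        "server_tls": [m for _, m in flat if m.startswith("Prepared TLS")],
        "first_rejection": reject,
        "rejection_trip": next((i for i, t in enumerate(trips, 1) if reject in t), None),
        "outcome": flat[-1][1] if flat else None,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On this log the summary shows that the server had already sent its certificate and a CertificateRequest, and that the rejection came from the client side in the following exchange.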
 
Aaron Street, Infrastructure Manager, commented:
Sorry, not sure; seems like there is a mismatch in the authentication somewhere?

I am currently installing ACS as we speak, so I should have it up and running tomorrow, and I will have a look into this as I will be looking at something similar in my setup.
 
moukee commented:
I have the same issue with a WinXP SP3 supplicant + 3650 switch + ACS 5.1 + Microsoft CA on Windows Server 2003. Authentication works fine without certificates using AD as the external identity store: all users or computers that are present in the domain gain access to the network. The problem is in the certificates, machine and user. Maybe it is an SP3 issue? I don't have the possibility to test on another OS.
 
kiranvvkk (Author) commented:
The problem is solved, for me at least. The issue was that I had to add a reg key to all the client PCs so that they use only machine authentication.
 
kiranvvkk (Author) commented:
Hi Moderators

The issue is solved. Can the points be refunded?

Regards
Kiran