kiranvvkk
asked on
CISCO ACS 5.1
Hi
I am trying to set up machine-only authentication for my clients using EAP-TLS. I am using ACS 5.1 and Windows AD.
The certificates are installed on both the ACS and the client, but the client is not getting authenticated. Please see the attached file with the detailed error message.
Any help would be greatly appreciated.
The Log
11001 Received RADIUS Access-Request
11017 RADIUS created a new session
Evaluating Service Selection Policy
15004 Matched rule
15012 Selected Access Service - WLAN Access Policy
11507 Extracted EAP-Response/Identity
12500 Prepared EAP-Request proposing EAP-TLS with challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12502 Extracted EAP-Response containing EAP-TLS challenge-response and accepting EAP-TLS as negotiated
12800 Extracted first TLS record; TLS handshake started.
12805 Extracted TLS ClientHello message.
12806 Prepared TLS ServerHello message.
12807 Prepared TLS Certificate message.
12809 Prepared TLS CertificateRequest message.
12505 Prepared EAP-Request with another EAP-TLS challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12504 Extracted EAP-Response containing EAP-TLS challenge-response
12505 Prepared EAP-Request with another EAP-TLS challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12504 Extracted EAP-Response containing EAP-TLS challenge-response
12505 Prepared EAP-Request with another EAP-TLS challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12504 Extracted EAP-Response containing EAP-TLS challenge-response
11514 Unexpectedly received empty TLS message; treating as a rejection by the client
12512 Treat the unexpected TLS acknowledge message as a rejection from the client
11504 Prepared EAP-Failure
11003 Returned RADIUS Access-Reject
Regards
Kiran
Error-Message.doc
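A way to triage a step trace like the one posted above, as an added example that is not part of the original post. It reports which TLS handshake messages each side contributed before the reject; the function names are hypothetical, and it assumes a received client certificate would be logged in the same "Extracted TLS ... message" form as the ClientHello step.

```python
import re

# Constructed sample: an abridged copy of the step trace posted in the question.
TRACE = """\
11001 Received RADIUS Access-Request
12500 Prepared EAP-Request proposing EAP-TLS with challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
12502 Extracted EAP-Response containing EAP-TLS challenge-response and accepting EAP-TLS as negotiated
12805 Extracted TLS ClientHello message.
12806 Prepared TLS ServerHello message.
12807 Prepared TLS Certificate message.
12809 Prepared TLS CertificateRequest message.
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
12504 Extracted EAP-Response containing EAP-TLS challenge-response
11514 Unexpectedly received empty TLS message; treating as a rejection by the client
11504 Prepared EAP-Failure
11003 Returned RADIUS Access-Reject
"""

STEP = re.compile(r"^(\d{5})\s+(.+)$")
TLS_MSG = re.compile(r"^(Extracted|Prepared) TLS (\w+) message")

def parse_steps(text):
    """Return (code, message) pairs; lines without a 5-digit step code are skipped."""
    return [(int(m.group(1)), m.group(2))
            for m in map(STEP.match, map(str.strip, text.splitlines())) if m]

def triage(steps):
    """Summarise how far the EAP-TLS handshake got before the final RADIUS reply."""
    codes = [c for c, _ in steps]
    tls = [TLS_MSG.match(msg) for _, msg in steps]
    from_client = [m.group(2) for m in tls if m and m.group(1) == "Extracted"]
    from_server = [m.group(2) for m in tls if m and m.group(1) == "Prepared"]
    return {
        "access_requests": codes.count(11001),
        "eap_tls_accepted": 12502 in codes,
        "client_tls": from_client,
        "server_tls": from_server,
        # Assumption: a received client certificate would be logged in the same
        # "Extracted TLS <Name> message" form as the ClientHello step.
        "client_cert_seen": "Certificate" in from_client,
        "client_aborted": 11514 in codes or 12512 in codes,
        "rejected": bool(codes) and codes[-1] == 11003,
    }

if __name__ == "__main__":
    for key, value in triage(parse_steps(TRACE)).items():
        print(f"{key}: {value}")
```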
I have the same issue with WinXP SP3 supplicant + 3650 switch + ACS 5.1 + Microsoft CA on Windows Server 2003. Authentication works fine without certificates using AD as external identity store - all users or computers that are present in the domain gain access to the network. The problem is in certificates - machine and user. Maybe it is an SP3 issue? I don't have the possibility to test on another OS.
ASKER
The problem is solved, for me at least. The issue was that I had to add a reg key to all the client PCs so that they use only machine authentication.
I am currently installing ACS as we speak, so I should have it up and running tomorrow, and I will have a look into this as I will be looking at something similar in my setup.