
Author Topic: ACS5.5 eap negotiation  (Read 3994 times)

Offline AndrewMac

  • Cisco Newbie
  • *
  • Posts: 2
  • Reputation: 1
  • Certification: N/A
ACS5.5 eap negotiation
« on: January 13, 2014, 09:35:12 PM »
Hello

Wondering if there is any way to tell the ACS to tell the client to prefer a particular EAP type inner method.

For example, first try PEAP-GTC to authenticate against the Novell eDirectory store; if the client is a Windows device, then try using PEAP-MSCHAPv2 and then authenticate against an AD store.

Currently I have created an identity store that lists Novell eDirectory first and then AD, but it seems that the client negotiation prefers clients to try PEAP-MSCHAPv2.

Any thoughts on the matter would be appreciated.


Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 398
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: ACS5.5 eap negotiation
« Reply #1 on: January 16, 2014, 04:11:37 AM »
I don't think there is a straightforward way of doing this, if it is possible at all. ACS only allows you to set a preferred protocol under the Allowed Protocols list, but that is only for the outer method. Most likely you need to use Rule Based authentication instead of simple and then, if you can select the inner method as a condition, map it to the appropriate Identity Store, but this still requires the client to know which authentication protocol to use.

Offline AndrewMac

  • Cisco Newbie
  • *
  • Posts: 2
  • Reputation: 1
  • Certification: N/A
Re: ACS5.5 eap negotiation
« Reply #2 on: January 16, 2014, 11:44:49 PM »
Thanks MC

There does not seem to be an easy way to do it.

For Aruba ClearPass and FreeRADIUS I found options with LDAP over SSL:
Had to allow the bind user to retrieve the password in the universal policy in eDirectory
Checked Allow bind using user password
Password Attribute: nspmPassword
Password Type: cleartext

But I can't seem to find a similar option for ACS.

Cheers

 
