I'm having issues authenticating (MS-PEAP) a user in an MS Domain/Active Directory on W2K or W2003. I have installed the latest remote agent and the ACS sees the agent. I can define a local user to the ACS and authenticate with no problems. However, I have configured the unknown user properly and the group mappings. I see in the failed attempts log that I am sending DOMAIN\UserID properly; however, it is failing with an "Internal Error". In the documentation (I am not an MS expert), I am confused about two items. First, for the Computer Account named CISCO, all users must be able to log on using that account. All users have the attribute to allow them to log on to any computer. That should cover the CISCO computer account, right?
Secondly, I do not follow this documentation instruction:
"To the user account that you create, grant Read all properties permission for all Active Directory folders containing users that ACS must be able to authenticate. To grant permission for Active Directory folders, access Active Directory from the Microsoft Management Console and the security properties for the folders that contain users whom ACS will authenticate."
Which folder is it that I should grant these permissions on? Thanks for any hints and suggestions.