MAB ACS 4.1 Active Directory Problem

May 24th, 2007

Hello


I have an ACS v4.1 appliance and I use 802.1X PEAP authentication.


All works fine for PCs which are 802.1X compliant with an external Active Directory database.


But when you want to authenticate a non-802.1X device such as a printer, the ACS logs an "Internal Error" in the Authentication failure code on the Failed report.


I have created an object on AD that has the username = @MAC and password = @MAC.


Can you tell me if you have a solution to this problem?


Thanks for your help

s.berthier Mon, 05/28/2007 - 22:44

Hi,


I have looked at this configuration, but in "Network Access Profile" you can only configure a type of MAC authentication bypass with the ACS Internal Database or an LDAP Server, but not with an Active Directory database?

When I configure this with the Internal Database it works fine and the message "Internal Error" doesn't appear.

But I have seen in a meeting that you can do this with an Active Directory database.


If you have other solutions


Thanks



Premdeep Banga Fri, 06/01/2007 - 17:16

Hi,


I haven't done that, might not be possible either. But you can start with how exactly the unknown device is being discovered.


If you have ACS for windows, turn it on to full logging from System Configuration > Service Control > Level of Detail > Full > Restart.


And when the authentication fails with the Internal Error code, take the time stamp when it failed, and search how exactly the device was searched for in the Auth.log file. It's a simple readable text file, found in:


\CSAuth\Logs


It will give you a pretty good idea.


Do share the result!


Regards,

Prem

s.berthier Mon, 06/04/2007 - 07:28

Hello


I have an ACS appliance and the log doesn't show anything other than:


05/25/2007 17:00:51 Authen failed 000d6013d891 Printers 00-0D-60-13-D8-91 (Default) Internal error .. .. 50019 10.253.104.94 .. .. .. .. .. gvanet01 ..


I can't get a more precise log, I think.


I have opened a call with Cisco and I am waiting for a response.


thanks
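
Added example, not part of the thread or of ACS: a small triage script for the log search discussed above, picking failed MAB attempts (user name equal to the caller-ID MAC) out of Failed Attempts lines and counting them by failure code. The field order is an assumption read off the single log line quoted in this thread, group names are assumed to contain no spaces, and the second and third sample lines are constructed.

```python
import re
from collections import Counter

# First line is the one quoted in the thread; the other two are constructed.
# Assumed order: date, time, message type, user name, group, caller ID,
# (profile), failure code, then further fields shown as ".." when empty.
SAMPLE = """\
05/25/2007 17:00:51 Authen failed 000d6013d891 Printers 00-0D-60-13-D8-91 (Default) Internal error .. .. 50019 10.253.104.94 .. .. .. .. .. gvanet01 ..
05/25/2007 17:02:10 Authen failed jdoe Staff 00-11-22-33-44-55 (Default) CS user unknown .. .. 50020 10.253.104.94 .. .. .. .. .. gvanet01 ..
05/25/2007 17:03:42 Authen failed 001122aabbcc Printers 00-11-22-AA-BB-CC (Default) Internal error .. .. 50021 10.253.104.94 .. .. .. .. .. gvanet01 ..
"""

LINE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) Authen failed "
    r"(?P<user>\S+) (?P<group>\S+) (?P<clid>\S+) \((?P<profile>[^)]*)\) "
    r"(?P<code>.+?) \.\. "
)

def mac_key(value):
    """Return 12 lowercase hex digits if value is a MAC in a common notation, else None."""
    digits = re.sub(r"[-:.]", "", value).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def parse(line):
    """Split one failed-attempt line into named fields, or None if it does not match."""
    m = LINE.match(line)
    return m.groupdict() if m else None

def is_mab(rec):
    """A MAB attempt presents the caller-ID MAC itself as the user name."""
    user, clid = mac_key(rec["user"]), mac_key(rec["clid"])
    return user is not None and user == clid

def mab_failures(text):
    """Return (records, Counter of failure codes) for failed MAB attempts only."""
    recs = [r for r in map(parse, text.splitlines()) if r and is_mab(r)]
    return recs, Counter(r["code"] for r in recs)

if __name__ == "__main__":
    recs, codes = mab_failures(SAMPLE)
    for r in recs:
        print(r["date"], r["time"], r["clid"], r["group"], r["code"])
    print(dict(codes))
```

The date and time printed for each match are the time stamps to look up in the full-detail logs.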


Jagdeep Gambhir Mon, 06/04/2007 - 07:39

Hi,

This is how you can get logs from acs appliance,


Make sure logging is full,


System Configuration --> Support --> Run Support Now.


After a minute it will ask you to save a file, "Package.cab". This file contains all of the log information from ACS.


Thanks

jafrazie Mon, 06/04/2007 - 17:11
User Badges:
  • Cisco Employee,

First, ACS should not log "Internal Error" in Authentication failure code on the Failed report.


It should also work by creating an object on AD if you like for the username = @MAC and password = @MAC.


This documentation reference is incorrect to achieve such an operation:

<http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs40/user/sp.htm#wp1160819>


You're running into CSCsh62641. This has been fixed and you need ACS 4.1(3). See the release notes here:

<http://www.ciscosystems.ch/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs41/rnotes/rnacs413.htm>


The summary is, it allows you to only look at the CLID field (Re: the way "MAB" is documented above) OR to be able to just define a MAC as a "user account" somewhere like in Active Directory.


Hope this helps,

s.berthier Tue, 06/05/2007 - 00:36

Hello


Thanks for your help


In fact I will try to obtain the upgrade to ACS 4.1(3) and I will tell you if it works.


Thanks

s.berthier Thu, 06/07/2007 - 02:28

Hello


The problem was solved when I upgraded ACS to 4.1.3.12.


And now I have no error message and MAC Authentication Bypass works fine with Active Directory.


Thanks for your help

