
ACSv3.2 with 802.1x client authentication using LEAP

mguzman4158
Level 1

Hi there,

I was wondering if this has happened to anyone here. I have a Windows 2000 Server running ACSv3.2. Once every 4 months ACS will fail to authenticate all the wireless users that have Active Directory accounts. Auth-Failure code: "External DB account Restriction". It seems that once I reboot the server, everything comes back to normal. Has anyone experienced this issue? Do I need to update to the latest ACS version?

Thank you in advance.

2 Replies

Jagdeep Gambhir
Level 10

First of all, I would suggest you upgrade ACS to 3.3.3 or .4, as the code you have has many issues and vulnerabilities.

When auth stops, what is the status of the ACS services: running or stopped? I would like to see msinfo32 to find out if any unsupported software is there.

Regards,

~Jg

m-heard
Level 1

Hi,

I have experienced the exact same problem.

Here's the Cisco bug that identifies this problem.

CSCsd52574 Bug Details

Symptom:

When machine authentication (EAP-FAST/MS_CHAP) is attempted after ACS has lost and then regained connectivity to the global catalog server, authentication may fail and the following message may be generated in the auth.log file:

MachineSPNToSAM: __DsCrackNames failed auth.log

In an environment where there is more than one global catalog server for the domain, ACS will not search for the "secondary" catalog server if the "primary" goes down.

Condition:

ACS is installed on a domain member server.

Workaround:

Re-start csauth.exe.

Hope this helps
