We have the following implementation:
Cisco Access Points, mainly 1200 series and 1130, Cisco ACS v.4.1, and MS Active Directory.
I've used a self-generated certificate on the Cisco ACS and installed it on the local PC. I also linked Cisco ACS with AD, with a group mapping for allowing access to the WLAN.
I have two group mappings in ACS to two domain groups in Active Directory:
ACS - Group 1 = AD - Wifi_student
ACS - Group 2 = AD - Wifi_employe
When a user who is not in either of the two domain groups (AD) tries to authenticate, the user passes authentication. It is supposed to fail. Only the users in the groups are allowed to authenticate.
Do you think it is a bug in ACS 4.1?
Do you think it is a misconfiguration of the Windows policy?
Do you think I should create a local group instead of a domain group?