The "Failed Attempts" log on the ACS 4.1 began showing entries that I do not understand. The backend is Active Directory.
Basically, the entry it is in this format:
date,time,authen failed,foreigndomain\user,localadmingroupname,callerid,External DB user invalid or bad password,... etc.
This is what I don't understand: It appears that the "foreigndomain\user" entry must be a foreign device that is trying to authenticate to our wireless environment (PEAP). But why is it showing the group name as our ACS administrators group!? Shouldn't it see the "foreigndomain\user" as another group like "Default Group"? I have the "\Default" group mapping set to "Default Group".