ACS an Win 2k3 AD attribute mapping

Unanswered Question
Feb 5th, 2008
User Badges:


I have a problem with 802.1x (PEAP) authentication for wired clients. If the option "Log On To" in AD is enabled, authentication failed. Without this option everything works fine.

I suspect that I'm missing something in ACS configuration which uses AD as external database.

Which ACS attribute corresponds to "Log On To" option in AD?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jhillend Tue, 02/19/2008 - 09:58
User Badges:
  • Bronze, 100 points or more

Is the external database configuration for the Windows database set up correctly?

Can you successfully use the AD credentials to log in via a plane text password, such as logging into a router?

Are the users statically configured? If so, they will need to have their password type set to "Windows Database".

Or, are you using the Unknown User configuration? If so, is that properly configured to use the Windows database?

marko.keca Tue, 02/19/2008 - 23:46
User Badges:


I'm using AD as external database only for PC clients. Users are mapped to groups on ACS. Problem arise only with option "Log On To" in AD which restricts users to login only on specific machines.

If this option is disabled everything works great. Even changing password from PC.

So I think that AD waits for some other attribute except domain/user/pass, but I can't figured it out which.


This Discussion