WLC domain user authentication

Answered Question
May 12th, 2008

Hi Guru's

Im having a problem in configuring my WLC domain users. I have ACS v3.3 and WLC 4112.

I followed this instruction but still i keep on authenticating whenever i tried to connect my Laptop to certain SSID. And also, the windows login prompt me only once. Please help me

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0e4.shtml#manual

thanks.

I have this problem too.
0 votes
Correct Answer by SHANNON WYATT about 8 years 8 months ago

What said "Machine Authentication is not permited"?

Make sure that ACS has it enabled:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0e4.shtml

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.5 (4 ratings)
Loading.
jong_r0602 Tue, 05/13/2008 - 16:08

Hi Andrew,

Thanks for the response,

Im currently using PEAP. im able to connect but it keep saying "attempting to authenticate"

I dont know what is the point of failure here. Appreciate your help

Thanks,

Jong

jong_r0602 Wed, 05/14/2008 - 15:53

Here's also the log's on my WLC

Its saying "00:0e:35:c0:78:d3 /user 'unknown'" but my login works fine in other device AAA client using external DB also.

Log System Time Trap

0 Wed May 14 23:47:03 2008 RADIUS server 202.162.160.253:1812 failed to respond to request (ID 138) for client 00:0e:35:c0:78:d3 / user 'unknown'

Thanks,

Jong

jong_r0602 Thu, 05/15/2008 - 16:30

yes i have configured my ACS server to authenticate the user's request via AD.

Sometimes the ACS said that my login is authenticated but sometimes failed. And it takes a long time (10-15 min) to reauthenticate again. And WLC saying "Radius not responding. But sometimes its good.

SHANNON WYATT Fri, 05/16/2008 - 17:44

Have you configured the ACS server to use PEAP? Do you have a certificate on the ACS server (not the self signed cert, but one from a CA?)

jong_r0602 Sat, 05/17/2008 - 03:00

yes i have configured PEAP and LEAP on my ACS. Our systems admin configured a certicate and that's what im using on my ACS. But when im get connected, its suddenly disconnected. Im using 8

SHANNON WYATT Sat, 05/17/2008 - 08:08

Get your config working with LEAP first. Since LEAP doesn't require Certs it eliminates any cert issues. Test with local accounts on the ACS as that removes any issue between the ACS and AD. Also make sure you have the appropriate drivers on the clients.

nrparks024 Sat, 05/17/2008 - 16:07

run a debug on the controller. debug client and then debug aaa events enable. this should lead you in the direction to see what and where it is failing.

jong_r0602 Mon, 05/19/2008 - 23:41

I think my authentication is now been resolved. But i still have a problem, whenever the user logout on the workstation the session will disconnect to the network. Is there a way to make the connection still connected?

Thanks

Jong

SHANNON WYATT Tue, 05/20/2008 - 03:17

Yes, if you are using the Microsoft Zero Config client you need to select the option to authenticate as a computer as available. You should see in your logs either a pass or fail as "host\computername".

If you are using another client (Intel, Cisco, etc), you may or may not be able to make this work. I know on the Intel you can make a persistent connection.

jong_r0602 Tue, 05/20/2008 - 21:03

Hi,

I tried and it said "Machinea authentication is not permitted". What action should i need to do next?

Thanks,

Jong

jong_r0602 Thu, 05/22/2008 - 15:51

Yes, I thinks this will work. I'll let you know once I implemented the config.

Good document!

Thanks,

Jong

Actions

This Discussion