WLC domain user authentication

Answered Question
May 12th, 2008
User Badges:

Hi Guru's


Im having a problem in configuring my WLC domain users. I have ACS v3.3 and WLC 4112.


I followed this instruction but still i keep on authenticating whenever i tried to connect my Laptop to certain SSID. And also, the windows login prompt me only once. Please help me


http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0e4.shtml#manual


thanks.

Correct Answer by SHANNON WYATT about 9 years 1 week ago

What said "Machine Authentication is not permited"?


Make sure that ACS has it enabled:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0e4.shtml

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.5 (4 ratings)
Loading.
jong_r0602 Tue, 05/13/2008 - 16:08
User Badges:

Hi Andrew,


Thanks for the response,

Im currently using PEAP. im able to connect but it keep saying "attempting to authenticate"


I dont know what is the point of failure here. Appreciate your help


Thanks,

Jong





jong_r0602 Wed, 05/14/2008 - 15:53
User Badges:

Here's also the log's on my WLC


Its saying "00:0e:35:c0:78:d3 /user 'unknown'" but my login works fine in other device AAA client using external DB also.


Log System Time Trap

0 Wed May 14 23:47:03 2008 RADIUS server 202.162.160.253:1812 failed to respond to request (ID 138) for client 00:0e:35:c0:78:d3 / user 'unknown'


Thanks,

Jong

Scott Fella Wed, 05/14/2008 - 17:43
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Verify the shared secret key between the ACS and the WLC.

jong_r0602 Thu, 05/15/2008 - 16:30
User Badges:

yes i have configured my ACS server to authenticate the user's request via AD.


Sometimes the ACS said that my login is authenticated but sometimes failed. And it takes a long time (10-15 min) to reauthenticate again. And WLC saying "Radius not responding. But sometimes its good.




SHANNON WYATT Fri, 05/16/2008 - 17:44
User Badges:

Have you configured the ACS server to use PEAP? Do you have a certificate on the ACS server (not the self signed cert, but one from a CA?)

jong_r0602 Sat, 05/17/2008 - 03:00
User Badges:

yes i have configured PEAP and LEAP on my ACS. Our systems admin configured a certicate and that's what im using on my ACS. But when im get connected, its suddenly disconnected. Im using 8

SHANNON WYATT Sat, 05/17/2008 - 08:08
User Badges:

Get your config working with LEAP first. Since LEAP doesn't require Certs it eliminates any cert issues. Test with local accounts on the ACS as that removes any issue between the ACS and AD. Also make sure you have the appropriate drivers on the clients.

nrparks024 Sat, 05/17/2008 - 16:07
User Badges:

run a debug on the controller. debug client and then debug aaa events enable. this should lead you in the direction to see what and where it is failing.

jong_r0602 Mon, 05/19/2008 - 23:41
User Badges:

I think my authentication is now been resolved. But i still have a problem, whenever the user logout on the workstation the session will disconnect to the network. Is there a way to make the connection still connected?


Thanks

Jong

SHANNON WYATT Tue, 05/20/2008 - 03:17
User Badges:

Yes, if you are using the Microsoft Zero Config client you need to select the option to authenticate as a computer as available. You should see in your logs either a pass or fail as "host\computername".


If you are using another client (Intel, Cisco, etc), you may or may not be able to make this work. I know on the Intel you can make a persistent connection.

jong_r0602 Tue, 05/20/2008 - 21:03
User Badges:

Hi,


I tried and it said "Machinea authentication is not permitted". What action should i need to do next?


Thanks,

Jong

jong_r0602 Thu, 05/22/2008 - 15:51
User Badges:

Yes, I thinks this will work. I'll let you know once I implemented the config.


Good document!


Thanks,

Jong

Actions

This Discussion