
ACS 3.3 PEAP authentication problem

jdamone
Level 1

Hello,

We're running ACS 3.3 on a Windows 2003 server. We're using this server for RADIUS and integrating a Windows database.

Our wireless clients use PEAP to authenticate.

Suddenly none of our wireless clients can authenticate throughout our enterprise, which is turning out to be quite a serious problem.

Our configuration hasn't changed. I'm wondering if something happened to our certificate. We're using a self-signed certificate that we generated via ACS.

Can I simply issue a new cert via ACS and see what happens?

I'm really in a bind right now.

Thanks


Jagdeep Gambhir
Level 10

Self-signed certs are only valid for one year. Since all wireless users can't connect, I believe that the ACS cert has expired.

Please go ahead and install a new SSCert.

Regards,

~JG

Do rate helpful posts
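The failure discussed in this reply, a server certificate expiring and breaking PEAP for every client at once, can be caught ahead of time by monitoring the certificate's end date. The following is an added example, not part of the original thread or of ACS; it assumes the server certificate has been exported to a PEM file and that the `openssl` command is available, and the demo certificate, file names and CN are constructed.

```shell
#!/bin/sh
# Added example: report whether an EAP/RADIUS server certificate is
# valid, close to expiry, or already expired.

# cert_status CERT_FILE WARN_DAYS
#   prints one of: ok | expiring | expired | unreadable
cert_status() {
    cert=$1
    warn_days=$2
    # Refuse files that do not parse as an X.509 certificate, so a bad
    # path is not misreported as "expired".
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo unreadable
        return 2
    fi
    # -checkend N exits 0 only if the certificate is still valid
    # N seconds from now.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$cert" -noout \
            -checkend $((warn_days * 86400)) >/dev/null 2>&1; then
        echo expiring
    else
        echo ok
    fi
}

# cert_not_after CERT_FILE: print the notAfter date for the alert text.
cert_not_after() {
    openssl x509 -in "$1" -noout -enddate | sed 's/^notAfter=//'
}

# make_demo_cert DIR: constructed self-signed certificate valid for
# 365 days (hypothetical CN), used only to exercise the check offline.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=acs.example.test" \
        -keyout "$1/demo.key" -out "$1/demo.pem" >/dev/null 2>&1
}

# Command-line use: sh certcheck.sh server-cert.pem 30
if [ "$#" -eq 2 ]; then
    echo "$(cert_status "$1" "$2") (notAfter: $(cert_not_after "$1"))"
fi
```

Run from a scheduled job with a warning window of a few weeks, a result of `expiring` leaves time to issue and install a replacement before clients start failing.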

Thanks JG,

So simply going into ACS, System Config, Generate new Self Signed Cert, and then installing it may solve the problem?

Will this affect any other settings?

Thanks,

John

Yes, that is all we need to do. It will not affect any other settings.

Regards,

~JG

Hello JG,

You are correct, thanks. Just paranoid, I guess.

In the ACS System Configuration to generate a new self-signed cert, I want to make sure I don't need to change any of the fields that are already entered. It looks like I just need to enter the private key password, and then check the box to "Install generated Certificate", and submit.

Thanks,

John

Yes, John.

That will do it.

Regards,

~JG

Well JG, I was hoping for the best, but we're still having authentication problems.

We're getting "External DB Account Restriction" errors. I already went through all the posts for this error.

Do you have any experience with this error?

Thanks,

John

John,

That error comes due to a permission issue. Make sure the account running the remote agent or the ACS services has domain admin rights.

Configuring for Member Server Authentication

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/installation/guide/windows/postin.html#wp1041304

Regards,

~JG

JG,

Is this document also applicable to ACS 3.3? Thanks, it has a lot of good info in it. I'm going over it now.

We're running ACS on a Domain Controller and all ACS services are using the Domain Admin account to login.

Anything else it could be?

Thanks,

John

John,

Please check your group mapping. It may be possible that the user is getting mapped to a disabled group.

If that is not the issue, then we need to see auth.log; that will tell us the reason for the failure.

Increase the logging level to full, recreate the issue, and see auth.log.

Regards,

~JG

Sorry, where exactly in ACS do I increase the logging level to full?

Thanks for your help.

John

JG,

We wound up installing ACS on another server, but I'm sure it was a Windows permission issue as you pointed out. We didn't have enough time to investigate further.

Thanks,

John

John,

I hope installing ACS on another server fixed it.

All the best!

Regards,

~JG
