06-19-2008 07:19 PM - edited 03-10-2019 03:55 PM
Hello,
We're running ACS 3.3 on a Windows 2003 server. We're using this server for Radius and integrating a Windows database.
Our wireless clients use PEAP to authenticate.
Suddenly none of our wireless clients can authenticate throughout our enterprise, which is turning out to be quite a serious problem.
Our configuration hasn't changed. I'm wondering if something happened to our certificate. We're using a self signed certificate that we generated via ACS.
Can I simply issue a new cert via ACS and see what happens?
I'm really in a bind right now.
Thanks
06-20-2008 06:32 AM
Self-signed certs are only valid for one year. Since all wireless users can't connect, I believe that the ACS cert has expired.
Please go ahead and install a new SSCert.
Regards,
~JG
Do rate helpful posts
06-20-2008 07:38 AM
Thanks JG,
So simply going into ACS, System Config, Generate new Self Signed Cert, and then installing it may solve the problem?
Will this affect any other settings?
Thanks,
John
06-20-2008 08:42 AM
Yes, that is all we need to do. It will not affect any other settings.
Regards,
~JG
06-20-2008 09:29 AM
Hello JG,
You are correct, thanks. Just paranoid, I guess.
In the ACS System Configuration to generate a new self-signed cert, I want to make sure I don't need to change any of the fields that are already entered. It looks like I just need to enter the private key password, and then check the box to "Install generated Certificate", and submit.
Thanks,
John
06-20-2008 11:43 AM
Yes, John.
That will do it.
Regards,
~JG
06-20-2008 12:38 PM
Well JG, I was hoping for the best, but we're still having authentication problems.
We're getting "External DB Account Restriction" errors. I already went through all the posts for this error.
Do you have any experience with this error?
Thanks,
John
06-20-2008 01:09 PM
John,
That error comes from a permission issue. Make sure the account running the remote agent and/or the ACS services has domain admin rights.
Configuring for Member Server Authentication
Regards,
~JG
06-20-2008 01:49 PM
JG,
Is this document also applicable to ACS 3.3? Thanks, it has a lot of good info in it. I'm going over it now.
We're running ACS on a Domain Controller and all ACS services are using the Domain Admin account to login.
Anything else it could be?
Thanks,
John
06-20-2008 02:11 PM
John,
Please check your group mapping. It may be possible that the user is getting mapped to a disabled group.
If that is not the issue, then we need to see auth.log; that will tell us the reason for the failure.
Increase the logging level to full, recreate the issue, and check auth.log.
Regards,
~JG
06-20-2008 02:23 PM
Sorry, where exactly in ACS do I increase the logging level to full?
Thanks for your help.
John
06-21-2008 12:26 PM
JG,
We wound up installing ACS on another server, but I'm sure it was a Windows permission issue as you pointed out. We didn't have enough time to investigate further.
Thanks,
John
06-23-2008 05:12 AM
John,
I hope installing ACS on another server fixed it.
All the best!
Regards,
~JG