Authenticating wireless clients against multiple domains

Unanswered Question
Aug 27th, 2008

Hi


I have a solution that I am trying to implement which involves using ACS SE to authenticate against two AD domains. There is a two-way trust relationship between the two domains. I can see both domains under the external user databases; however, currently I can authenticate against the domain of the server which the remote agent is on, but not the other. Wireless clients that are not getting authenticated are receiving the following message in ACS under failed attempts:


Authen session timed out: Challenge not provided by client.


Is there anything to watch out for when authenticating to multiple domains?


Many thanks

Premdeep Banga Thu, 08/28/2008 - 15:05

This message, "Authen session timed out: Challenge not provided by client.", means that the AAA server timed out waiting on a reply from the end client. This is very general in wireless networks and could also point towards the client misbehaving and not replying to the access-challenge in a timely fashion.


To authenticate users from multiple domains, first ensure that you have followed the following document:

Windows Authentication Configuration:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/remote_agent/rawi.html#wp311476


Make sure that you are running a compatible RA with ACS SE. Both must have the same version.


This is how you can test, as an example, on an access point CLI:


test aaa group radius legacy


Other than this, increase the logging level on ACS to full. As you have ACS SE, check the WinAgent logs. They should provide you with some more information as to why user authentication from the trusted domain is failing.


Regards,

Prem


Please rate if it helps!
