User not found in AD

Nov 11th, 2008

Hi Fella and all,

I've finally completed my WLC setup with IAS as the RADIUS server. The setup for one of the user WLANs is layer 3 authentication without any layer 2 security. I encountered a problem while authenticating through the web. Below is the debug message from the WLC.

Tue Nov 11 19:50:02 2008: ReProcessAuthentication previous proto 1, next proto 2

Tue Nov 11 19:50:02 2008: AuthenticationRequest: 0x14f420b0

Tue Nov 11 19:50:02 2008: Callback.....................................0x1047a188

Tue Nov 11 19:50:02 2008: protocolType.................................0x00000002

Tue Nov 11 19:50:02 2008: proxyState...................................00:1F:3C:15:9C:11-00:00

Tue Nov 11 19:50:02 2008: Packet contains 8 AVPs (not shown)

Tue Nov 11 19:50:02 2008: ReProcessAuthentication previous proto 2, next proto 8

Tue Nov 11 19:50:02 2008: Unable to find requested user entry for XXXXXX

Tue Nov 11 19:50:02 2008: 00:1f:3c:15:9c:11 Returning AAA Error 'Authentication Failed' (-4) for mobile

The WLC is getting a result from IAS saying that it cannot find the user entry XXXXXX. User XXXXXX is a domain user account with the dial-in option enabled. It has been in the domain for a long time and is accessible from Windows logon. Any ideas about this?

Btw, can anyone link to a reference which shows an example of an external Windows IAS server with WLC setup for web authentication? I couldn't find any related docs for this on Cisco.

Many thanks.

Orochi

krishanmistry Wed, 11/12/2008 - 09:51

You will need to define a new security policy within the IAS. I have created a manual policy that just verifies the NAS address as the controller address and changed the service type as logging and have deleted the Frame size. You also need to allow the PAP authentication depending on how you have configured the controller.

Also, if you have corporate access using the same RADIUS server, I would put this policy below that.

Hope this helps

orochi_yagami Wed, 11/12/2008 - 17:29

Hi Krishanmistry,

Ya, I'm suspecting it's something related to the authentication between IAS and the AD. Since you mentioned it, I believe that it's the policy that causes the problem. Do you mind sharing more about the policy that you've created in your environment? For example, how you defined the NAS address....

Thanks for your help.

regards
