I hope you can help as I am sure I am missing something basic.
Using IAS to authenticate admin and Lobby ambassador to a wlc running 4.2.
Created a group wlc Admin in windows ad.
Added a user to the group to test. The user works pw etc as I have tested this.
Event log from IAS is here
User test was denied access.
Fully-Qualified-User-Name = WIRELESSDATANET\test
NAS-IP-Address = 192.168.1.200
NAS-Identifier = WLAN-LAB
Called-Station-Identifier = <not present>
Calling-Station-Identifier = <not present>
Client-Friendly-Name = WLAN-LAB
Client-IP-Address = 192.168.1.200
NAS-Port-Type = <not present>
NAS-Port = <not present>
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = <undetermined>
Authentication-Type = PAP
EAP-Type = <undetermined>
Reason-Code = 16
Reason = Authentication was not successful because an unknown user name or incorrect password was used.
The request is getting to the IAS server but not being authenticated.
The logs on the wlc are below
AAA Authentication Failure for UserName:test User Type: WLAN USER
Problem is it is IAS is not even authenticating a client I know has a correct password. The test client is only in the WLC Admin group
I am not sure if its the attributes though the wlc is in as a client with cisco attribute