cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
539
Views
0
Helpful
2
Replies

IAS admin authentication

Peter Nugent
Cisco Employee
Cisco Employee

I hope you can help as I am sure I am missing something basic.

Using IAS to authenticate admin and Lobby ambassador to a wlc running 4.2.

Created a group wlc Admin in windows ad.

Added a user to the group to test. The user works pw etc as I have tested this.

Event log from IAS is here

User test was denied access.

Fully-Qualified-User-Name = WIRELESSDATANET\test

NAS-IP-Address = 192.168.1.200

NAS-Identifier = WLAN-LAB

Called-Station-Identifier = <not present>

Calling-Station-Identifier = <not present>

Client-Friendly-Name = WLAN-LAB

Client-IP-Address = 192.168.1.200

NAS-Port-Type = <not present>

NAS-Port = <not present>

Proxy-Policy-Name = Use Windows authentication for all users

Authentication-Provider = Windows

Authentication-Server = <undetermined>

Policy-Name = <undetermined>

Authentication-Type = PAP

EAP-Type = <undetermined>

Reason-Code = 16

Reason = Authentication was not successful because an unknown user name or incorrect password was used.

The request is getting to the IAS server but not being authenticated.

The logs on the wlc are below

AAA Authentication Failure for UserName:test User Type: WLAN USER

Problem is it is IAS is not even authenticating a client I know has a correct password. The test client is only in the WLC Admin group

I am not sure if its the attributes though the wlc is in as a client with cisco attribute

2 Replies 2

mchin345
Level 6
Level 6

Are you trying to access WLC as an AAA Client on the MS IAS?

Hi mchin I managed to resolve the issue, thanks for replying

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: