Windows authentication

Aug 11th, 2009

We are trying to authenticate against an AD group. Instead of authenticating with AD, it gives the following message and places the users in the default group. Any ideas?

RDS 08/10/2009 23:54:03 P 0786 3192 0x0 Found local user MSNET\ibis5471

RDS 08/10/2009 23:54:03 E 5800 3192 0x0 Failed to get group info about user:MSNET\ibis5471 - CSAuth client has passed userID with invalid id info

mchin345 Mon, 08/17/2009 - 16:26

It is a known issue that ACS does lookups based on the outer ID instead of the inner ID when the outer identity is a username. For whatever reason, when the outer identity is anonymous, ACS correctly does its lookups based on the inner identity.

It is entirely possible this is why fast-reconnect also fails. I saw the following entries in the RDS.log that correspond to the reported fast-reconnect error in the Failed Attempts log.

Robert.N.Barrett_2 Wed, 08/19/2009 - 08:09

It is normal ACS behavior for AD users to show up in the local users database once they have authenticated. This is a caching feature that is enabled by default (and can be disabled).

Are users being allowed access, but these messages are showing up in the logs?

lni1 Thu, 08/20/2009 - 22:33

I disabled the whole setup to Windows AD, so the authentication should fail. Still, the authentication for the devices is valid; they are in the default group (0).

The default group (0) is off limits for everybody, but still these users enter via this group. How is this possible?

lni1 Fri, 08/21/2009 - 01:42

I already did that; it still enters the default group (0). Could it be a problem with my link to AD?

lni1 Tue, 08/25/2009 - 23:15

Yes, it belongs to multiple groups in AD, but for the moment the whole AD setup is offline, but still users enter via the group 0.
