cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
665
Views
0
Helpful
7
Replies

Windows authentication

lni1
Level 1
Level 1

We are trying to authenticate against a AD group, instead of authenticating with AD it gives the following message and places the users in the default group, any ideas ?

RDS 08/10/2009 23:54:03 P 0786 3192 0x0 Found local user MSNET\ibis5471

RDS 08/10/2009 23:54:03 E 5800 3192 0x0 Failed to get group info about user:MSNET\ibis5471 - CSAuth client has passed userID with invalid id info

7 Replies 7

mchin345
Level 6
Level 6

It is a known issue that ACS does look ups based on the outer id instead of the inner id when the outer identity is a username. For whatever reason, when the outer identity is anonymous, ACS correctly does its lookups based on the inner identity.

It is entirely possible this is why fast-reconnect also fails. I saw the following entries in the RDS.log that correspond to the reported fast-reconnect error in the Failed Attempts log.

It is normal ACS behavior for AD users to show up in the local users database once they have authenticated. This is a caching feature that is enabled by default(and can be disabled).

Are users being allowed access, but these messages are showing up in the logs?

I disabled the whole setup to Windows AD,

so the authentication should fail, still the authentication for the devices are valid, they are in the default group (0).

The default group (0) is off limits for everybody, but still these users enter via this group, how is this possible ?

You can create a mapping and map default group with no access group.

I already did that, it still enters the default group (0),could it be a problem with my link to AD ?

Does that user belongs to multiple group in AD?

Yes, it belongs to multiple groups in AD, but for the moment the whole AD setup is offline, but still users enter via the group 0.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: