I've (finally) moved us away from our old ACS 3.2 box, using a local identity store, to a shiny new ACS 5.1 backed by Active Directory.
We're using the ACS primarily to authenticate our wireless users.
On our first day with the new ACS in production, I'm seeing a large number of "24408 User authentication against Active Directory failed since user has entered the wrong password" errors in the RADIUS authentication logs.
I expected this, as users gradually enter their AD creds for authentication.
One of the things that would help our Tech Support folks would be to find out which users/machines are still using old, stored creds.
RADIUS authentication logs, however, are not giving us a MAC (or IP) address to go with the 24408 errors.
We *are* logging MACs for successful authentications as well as things like "12511 Unexpectedly received TLS alert message; treating as a rejection by the client" errors.
Have I not config'd something on our WiSM? Am I not supposed to be seeing MACs for 24408 errors?