Leap and windows domain logon

atassone · ‎08-27-2002

I'm doing some test with an Air 1200 and some 352 Pc card for one of our customers.

With ACU ver. 4.25.23, I enabled LEAP authentication using the windows user name and password.

Leap authentication is successful, while windows domain logon not.

Not to say using a "normal" NIC that logon succeed.

Sniffing the packets that come out the AP, it seems the domain logon happens... I see the requests/answers between my client and the domain controller...

However, after canceling the windows domain logon I have normal connectivity with the entire network.

Someone experienced that? Any help will be greatly appreciated.

Antonio Tassone

ciscomoderator · ‎09-04-2002

Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.

kj · ‎11-05-2002

Did you find a solution for this problem? i have a similar problem, when i log in the leap box appears with a "finding domain controller" takes quite some time before the dialog disappears and the logon is successful. It seams that my computer actually finds the domain controller, i say this because i get my logon script from the domain controller. Any help here would be great.

atassone · ‎11-05-2002

Yes, I make the radius server run with a windows account that is a domain administrator too.

I found the tech note that reported this solution looking for the error experienced by the radius, something like "DLL rejected" or similar.

Hope it helps.

Bye.

ndoshi · ‎11-13-2002

Can you please elaborate more on what you are suggesting ?

atassone · ‎11-15-2002

Sure.

My attempts to logon in a windows domain using the same user/password for LEAP authentication and windows logon were unsuccessful (either using Win9x or Win NT/2000 on the client), indeed the login dialog box was stuck in something like "searching primary domain controller" or similar (I'm sorry but it's been some month ago).

Looking the Radius server log, I found an error like " xxxxx DLL rejected".

Searching the Cisco web site and the forums for that error, I read the advice to make the authentication services on the NT server to run with the privileges of one of the Windows Domain Administrator accounts.

Following that advice, and with some other tweaking explained in the document I read, I reached my goal.

I regret I can't be more precise.

Regards.

mcnaz-yeo · ‎12-17-2002

Hi

Can u advise how to run the privileges of the comain administrator

Can u share with me on the tweaking

Regards

McNAz

atassone · ‎12-17-2002

I'm not very skilled in managing windows domains... however I think here ( http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/csnt30/install/install.htm#xtocid16 ) you can find some advice on how to make a service run with a particular account.

Hope it helps.