Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Bronze

Access denied: fast-reconnect was successful but user was not found ...

Hi,

We're implementing a NAC (framework) pilot and are experiencing clients that fail re-authentication with the following in the failed-attempts ACS 4 logging:

"Access denied: fast-reconnect was successful but user was not found in cache"

From what I see is that the first succesfull authentication is done using username "user@DOMAIN" while the re-authentication is done with just "user". Hence the "user not found in cache".

Does someone know how to correct this issue?

We're running on W2K as well as XP using CTA2.0.30 or CTA 2.0.1.14 with and without integrated supplicatant. In the case we're running CTA wihtout supplicant we're running the meethinghouse aegis secureconnect supplicant.

Authentication is based on EAP-FAST and PEAP-MSCHAPv2.

Please advise .....

Regards,

Erik Tamminga

  • AAA Identity and NAC
1 REPLY
Anonymous
N/A

Re: Access denied: fast-reconnect was successful but user was no

These failures are related to PEAP authentication when fast reconnect is attempted but the fast reconnect session timeout has expired and the user credentials have been cleared. This should be followed by the user being prompted for username and password.

418
Views
0
Helpful
1
Replies
This widget could not be displayed.