07-23-2003 09:16 AM - edited 03-10-2019 07:25 AM
I have three domains: Domain A (NT 4.0), Domain B (NT 4.0) and Domain C (Active Directory). The ACS works for a Cisco Access Point (LEAP).
The ACS is a member of Domain C (W2000), and Domains A and C are on the same LAN. Domain B is connected through a 512kbps WAN link.
If I try to logon (on Access Point) from a Domain C user, ok.
If I try to logon (A.P) from a Domain A user, ok.
If I try to logon (A.P) from a Domain C user, timeout....
However, the Windows logon process works for all Domains and works fast, I mean, I can logon in a workstation with a user account from A, or B or C.
07-24-2003 02:03 PM
Hello,
This is a known problem with domains over the WAN link. There are a couple of timeouts here: one is the ACS timeout, and the other one is the AP timeout. I would suggest you open up a TAC case so that TAC can follow up with the developers to see if there is any viable solution/workaround for this issue.
Regards,
Mynul
02-16-2005 08:19 PM
I've opened several TAC cases on this issue. I get no value from the contact. I found that the NT version of ACS has a key to modify.
HKEY_LOCAL_MACHINE\SOFTWARE\Cisco\CiscoAAAv3.1\CSRadius\ExtensionPoints\001\SupplierData\SessionTTL
Changing this value fixed my WAN authentication problem. Then, I moved to the ACS appliance. So far, Cisco has no way to extend the ACS timeout since you can no longer directly access the OS.
I got a patch from Cisco, but it didn't work. I expect that the problem now is that the appliance is not the cause of the timeout, it is the remote agent.
I can't imagine that I'm the only person who uses Radius authentication to an NT database over slow WAN links.
02-17-2005 02:53 PM
Hi Kevin.
I had to install a local (in the same LAN as the ACS) BDC Server for the remote Domain. It worked. Thanks for your answer.