Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ACS 3.2- NT Domain WAN Problem

I have three domains, Domain A (NT 4.0) Domain B(NT 4.0) and Domain C (Active Directory). the ACS works for a Cisco Access Point (LEAP).

The ACS is member of Domain C (W2000). and Domain A ans C are on the same LAN. Domain B is connected trought a 512kbps WAN link.

If I try to logon (on Access Point) from a Domain C user, ok.

If I try to logon (A.P) from a Domain A user, ok.

If I try to logon (A.P) from a Domain C user, timeout....

However, the Windows logon process works for all Domains and works fast, I mean, I can logon in a workstation with a user account from A, or B or C.

3 REPLIES
Silver

Re: ACS 3.2- NT Domain WAN Problem

Hello,

This is a know problem with domains over the WAN link. There are couple of timeouts here, one is on the ACS timeout, and the other one is the AP timeout. I would suggest you to open up a TAC case and so that TAC can follow up with the developers to see if there is any viable solutions/work around on this issue.

Regards,

Mynul

New Member

Re: ACS 3.2- NT Domain WAN Problem

I've opened several TAC cases on this issue. I get no value from the contact. I found that the NT version of ACS has a key to modify.

HKEY_LOCAL_MACHINE\SOFTWARE\Cisco\CiscoAAAv3.1\CSRadius\ExtensionPoints\001\

SupplierData\SessionTTL

Changing this value fixed my WAN authentication problem. Then, I moved to the ACS appliance. So far, Cisco has no way to extend the ACS timeout since you can no longer directly access the OS.

I got a patch from Cisco, but it didn't work. I expect that the problem now is that the appliance is not the cause of the timeout, it is the remote agent.

I can't imagine that I'm the only person who uses Radius authentication to an NT database over slow WAN links.

New Member

Re: ACS 3.2- NT Domain WAN Problem

Hi Kevin.

I had to install a local (in the same LAN as the ACS) BDC Server for the remote Domain. It worked. Thanks for your answer.

237
Views
0
Helpful
3
Replies