We're running ACS 3.3 on a Windows 2003 server. We're using this server for Radius and integrating a Windows database.
Our wireless clients use PEAP to authenticate.
Suddenly none of our wireless clients can authenticate throughout our enterprise, which is turning out to be quite a serious problem.
Our configuration hasn't changed. I'm wondering if something happened to our certificate. We're using a self signed certificate that we generated via ACS.
Can I simply issue a new cert via ACS and see what happens?
I'm really in a bind right now.
Self sign certs are only valid of one year. Since all wireless users cant connect, I believe that ACS cert has expired.
Please go ahead and install new SSCert.
Do rate helpful posts
So simply going into ACS, System Config, Generate new Self Signed Cert, and then installing it may solve the problem?
Will this effect any other settings?
You are correct, thanks. Just paranoid, I guess.
In the ACS System Configuration to generate a new self signed cert, I want to make sure I don't need to change the any of the fields that are already entered. It looks like I just need to enter the private key password, and then check the box to "Install generated Certificate", and submit.
Well JG, I was hoping for the best, but we're still having authentication problems.
We're getting "External DB Account Restriction" errors. I already went through all the posts for this error.
Do you have any experience with this error?
That error comes due to permission issue. Make sure accounting running remote agent / or acs services, should have domain admin rights.
Configuring for Member Server Authentication
Is this documant also applicable to ACS 3.3? Thanks, it has a lot of good info in it. I'm going over it now.
We're running ACS on a Domain Controller and all ACS services are using the Domain Admin account to login.
Anything else it could be?
Please check your group mapping. It may be possible that user is getting mapped to disabled group.
If that is not the issue then we need to see auth.log , that will tell us what is the reason for failure.
Increase the loggin level to full and recreate the issue and see auth.log
We wound up installing ACS on another server, but I'm sure it was a Windows permission issue as you pointed out. We didn't have enough time to investigate further.