Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

sbe
New Member

acs 4.0, peap-mschapv2 and machine authentication

hi,

ive a problem with some wlan-users and machine authentication. mostly users are pass machine auth but sometimes the login fails. in the auth.log are the following entries:

AUTH 25/10/2006 13:43:51 I 0897 2216 AuthenProcessResponse: process response for 'XXXX\yyyyyyyy'

AUTH 25/10/2006 13:43:51 I 1554 2216 pvAuthenticateUser: authenticate 'XXXX\yyyyyyyy' against Windows Database

AUTH 25/10/2006 13:43:51 I 0376 2216 External DB [NTAuthenDLL.dll]: Starting MSCHAP authentication for user [XXXX\yyyyyyyy]

AUTH 25/10/2006 13:43:51 I 0376 2216 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user yyyyyyyy

AUTH 25/10/2006 13:43:51 I 0376 2216 External DB [NTAuthenDLL.dll]: Windows authentication SUCCESSFUL (by DCXXX)

AUTH 25/10/2006 13:43:51 I 0376 2216 External DB [NTAuthenDLL.dll]: User mapped to ACS group id [1]

AUTH 25/10/2006 13:43:51 I 0376 2216 External DB [NTAuthenDLL.dll]: Group 1 is forced to pass Machine Authentication

AUTH 25/10/2006 13:43:51 I 0376 2216 External DB [NTAuthenDLL.dll]: Force machine AUTH mapping to group [-1]

AUTH 25/10/2006 13:43:51 I 0376 2216 External DB [NTAuthenDLL.dll]: User is mapped to a disabled ACS group

AUTH 25/10/2006 13:43:51 I 5081 2216 Done RQ1027, client 50, status -2046

AUTH 25/10/2006 13:43:51 I 5094 2216 Worker 5 processing message 18.

AUTH 25/10/2006 13:43:51 I 5081 2216 Start RQ1027, client 50 (127.0.0.1)

AUTH 25/10/2006 13:43:51 I 0897 2216 AuthenProcessResponse: process response for 'XXXX\yyyyyyyy'

AUTH 25/10/2006 13:43:51 I 0361 2216 EAP: PEAP: Second phase: 26 authentication FAILED

background:

the acs default group is disabled and group 1 (named wlan) is mapped to active directory.

1 REPLY

Re: acs 4.0, peap-mschapv2 and machine authentication

It seems to be a misconfiguration issue. What error we are getting on acs failed attempts ?

376
Views
0
Helpful
1
Replies
CreatePlease login to create content