cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
479
Views
0
Helpful
2
Replies

ACS an Win 2k3 AD attribute mapping

marko.keca
Level 1
Level 1

Hello!

I have a problem with 802.1x (PEAP) authentication for wired clients. If the option "Log On To" in AD is enabled, authentication failed. Without this option everything works fine.

I suspect that I'm missing something in ACS configuration which uses AD as external database.

Which ACS attribute corresponds to "Log On To" option in AD?

Thanks!

2 Replies 2

jhillend
Level 1
Level 1

Is the external database configuration for the Windows database set up correctly?

Can you successfully use the AD credentials to log in via a plane text password, such as logging into a router?

Are the users statically configured? If so, they will need to have their password type set to "Windows Database".

Or, are you using the Unknown User configuration? If so, is that properly configured to use the Windows database?

Hi,

I'm using AD as external database only for PC clients. Users are mapped to groups on ACS. Problem arise only with option "Log On To" in AD which restricts users to login only on specific machines.

If this option is disabled everything works great. Even changing password from PC.

So I think that AD waits for some other attribute except domain/user/pass, but I can't figured it out which.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: