Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS authentication issue

I have configured Cisco ACS v4.1 to control network accessing. When a domain user logon, it takes a few seconds to logon using credentials. However, it takes around 1 minute to get the authentication successfully. The problem is the computer can't talk to the DHCP and DC when logon. The network status shows Limits or not connectivity. The ipconfig shows it uses auto ip address 169.254.x.x. To obtain an IP or talk to the DC, the user needs to enter ipconfig /renew or re-logon. How do you troubleshoot it?

4 REPLIES

Re: ACS authentication issue

Do you have machine authentication configured ? If not then you need to set it up.

The main purpose of Machine Authentication is to actually log you into the domain as if you were connected via a wired connection. It allows you to have startup scripts run and drive mappings occur.

Machine authentication--ACS authenticates the computer prior to user authentication. ACS checks the credentials that the computer provides against the Windows user database. If you use Active Directory and the matching computer account in Active Directory has the same credentials, the computer gains access to Windows domain services."

Regards,

~JG

Do rate helpful posts

New Member

Re: ACS authentication issue

Thank you for the reply.

Yes, I do have the machine authentication. Remember if re-logon or renew ip, it works. The ACS log shows the authentication is successful.

Also I am using wired not wireless. Any other suggestions?

Re: ACS authentication issue

Don't think this is a radius issue. This might help

http://support.microsoft.com/default.aspx?kbid=822596

Regards,

~JG

New Member

Re: ACS authentication issue

Thank you for the link. I think the problem is it takes too longer to get the authentication (over 1 minute). For example, the computer has logon using credentials, the port led is still orange. I also find if we don't re-logon or renew the IP, the computer will receive a good IP automatically in 5 minutes. The problem is the user doesn't have mapping because it doesn't run logon script from the DC.

141
Views
5
Helpful
4
Replies