I have configured Cisco ACS v4.1 to control network access. When a domain user logs on, it takes a few seconds to log on using credentials. However, it takes around 1 minute for the authentication to succeed. The problem is that the computer can't talk to the DHCP server and the DC when logging on. The network status shows "Limited or no connectivity". The ipconfig output shows it uses an auto IP address, 169.254.x.x. To obtain an IP address or talk to the DC, the user needs to enter ipconfig /renew or log on again. How do you troubleshoot it?
Do you have machine authentication configured? If not, then you need to set it up.
The main purpose of Machine Authentication is to actually log you into the domain as if you were connected via a wired connection. It allows you to have startup scripts run and drive mappings occur.
"Machine authentication--ACS authenticates the computer prior to user authentication. ACS checks the credentials that the computer provides against the Windows user database. If you use Active Directory and the matching computer account in Active Directory has the same credentials, the computer gains access to Windows domain services."
Thank you for the link. I think the problem is that it takes too long to get authenticated (over 1 minute). For example, after the computer has logged on using credentials, the port LED is still orange. I also find that if we don't log on again or renew the IP, the computer will receive a good IP automatically in 5 minutes. The problem is that the user doesn't have mappings because it doesn't run the logon script from the DC.