03-06-2012 06:41 AM - edited 03-10-2019 06:52 PM
Hi,
I have deployed a pair of Cisco ACS v5.3 in my envirnoment and joined the ACS to my AD. With this, I used the new feature of "Password Type" for internal user and set the internal user password to the external database of AD; meaning to say that for example, I have an AD user of weekwang, on the ACS internal user database I created the same user name of weekwang however setting the user's password type to the AD.
Upon this, I then configure the user 802.1x authentication for the network access. I configured the Identity setting of the access policy to the internal user database. However, the user authentication fails as the ACS cannot find the user in the internal user database.
From the monitor and report log, I see that the user name that the ACS is receiving is Domain\weekwang. Thus, it cannot locate the user from then internal user database.
Thus, I would like to seek for assistance/advice to whether is there any configuration on the ACS that I need to set so that I can strip of the prefix of Domain\ from the receiving user name so that the ACS will receive the user name as just weekwang.
Thks and Rgds
03-13-2012 03:31 PM
Hello . I just tested Radius with PAP and everything is working OK. Could you please post your config and logs ?
03-13-2012 05:33 PM
Hi Eduardoaliaga,
I believe that when we are using PAP as the authentication protocol, the ACS is able to strip the domian prefix. However, my side is using the PEAP MsChapv2 as the authentication protocol and I believe that the TLS tunnel is prevent the ACS from stripping the domain prefix/sufix. Thus, I have also posted another discussion on the issue of when the authentication protocol of PEAP MsChapv2 is used, ACS is not able to strip the domain prefix/sufix. Thus, would you be also able to advice on if that is correct. Please refer to the links below.
1) https://supportforums.cisco.com/thread/2061835
3) https://supportforums.cisco.com/message/3581951#3581951
Thks and Rgds
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide