Cisco Support Community
Community Member

Authenticating wireless clients against multiple domains


I have a solution I am trying to implement which involves using ACS SE to authenticate against two AD domains. There is a two-way trust relationship between the two domains. I can see both domains under the external user databases; however, currently I can authenticate against the domain of the server that the remote agent is on, but not the other. Wireless clients that are not getting authenticated are receiving the following message in ACS under failed attempts:

Authen session timed out: Challenge not provided by client.

Is there anything to watch out for when authenticating to multiple domains?

Many thanks


Re: Authenticating wireless clients against multiple domains

This message, "Authen session timed out: Challenge not provided by client.", means that the AAA server timed out waiting on a reply from the end client. This is very general in wireless networks and could also point towards the client misbehaving and not replying to the access-challenge in a timely fashion.

To authenticate users from multiple domains, first ensure that you have followed the following document:

Windows Authentication Configuration:

Make sure that you are running a compatible RA with ACS SE. Both must have the same version.

This is how you can test, as an example on an access point CLI:

test aaa group radius <username> <password> legacy

Other than this, increase the logging level on ACS to full. As you have ACS SE, check the WinAgent logs. They should provide you with some more information as to why user authentication from the trusted domain is failing.



Please rate if it helps!
