Authenticating wireless clients against multiple domains
I have a solution that I am trying to implement which involves using ACS SE to authenticate against two AD domains. There is a two-way trust relationship between the two domains. I can see both domains under the external user databases; however, currently I can authenticate against the domain of the server which the remote agent is on, but not the other. Wireless clients that are not getting authenticated are receiving the following message in ACS under failed attempts:
Authen session timed out: Challenge not provided by client.
Is there anything to watch out for when authenticating to multiple domains?
Re: Authenticating wireless clients against multiple domains
This message, "Authen session timed out: Challenge not provided by client.", means that the AAA server timed out waiting on a reply from the end client. This is very general in wireless networks and could also point towards the client misbehaving and not replying to the access-challenge in a timely fashion.
To authenticate users from multiple domains, first ensure that you have followed the following document,
Make sure that you are running a compatible RA with ACS SE. Both must have the same version.
This is how you can test, as an example on an access point CLI:
test aaa group radius legacy
Other than this, increase the logging level on ACS to full. As you have ACS SE, check the WinAgent logs. They should provide you some more information as to why user authentication from the trusted domain is failing.