Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Cisco Secure ACS Express Domain User Authentication Issue

I have the following scenario:

Corporate users connect to WiFi infrastructure (Aironet 1131G Autonomous Access Points) using WPA2 Enterprise (EAP).

Cisco Secure ACS Express checks if users belong to 'acme.group/CORP/Groups/GLOBAL-WiFi-Users', it returns accept if they do.

Everything runs fine if users belong to subdomains countryX.acme.group, but if users are in domain acme.group they are unable to authenticate.

When we move users from countryX.acme.group to acme.group domain they are unable to connect to wifi.

In Authentication Report logs I can see that authenticated users (Authentication Result=Passed) are identified as countryX\username and we are able to see which groups they belong if we click on username; on the other side, the users that are unable to connect (Authentication Result=Failed) are identified as acme\username and we are unable to see which groups they belong if we click on username.

 

I need help to figure out what's wrong here. ACS Express is EoS :(

 

Cheers,

AM

Everyone's tags (5)
52
Views
0
Helpful
0
Replies
CreatePlease to create content