Cisco Support Community

Password Aging/Notifications on ACS 3.3 and AD

Hi everyone!

Equipment involved:

Cisco ACS 3.3 Appliance

Microsoft Active Directory

Aironet 1200 AP

IBM Thinkpad T42, WinXP SP2

Authentication used:

WPA/TKIP/PEAP

Supplicants:

Thinkvantage (4.12)

Odyssey Client 4.32

Windows PEAP Supplicant

Problem:

How to push notifications like 'Account is disabled' or 'Account is locked-out' from AD to the wireless client when the user is about to connect to the wireless network?

1 REPLY

Re: Password Aging/Notifications on ACS 3.3 and AD

Hi

I can see why you might want to offer this, as it aids in self-diagnosis of connection problems.

However, AAA servers historically (as any other security server) do not tend to offer clues as to the reason for an authentication failure.

Also, AD will only give back a failure code; the AAA server then has to map the failure code to a readable string - then you get interpretation issues, etc.

Technically there is no reason why a Reply-Message attribute can't be included in the final Authentication-Reject message, or even inside the PEAP tunnel. But asking for a protocol change would be harder than getting blood from a stone!

Darran
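
Added example, not part of the reply above and not Cisco ACS code: a sketch of how a RADIUS server could attach a Reply-Message attribute (RFC 2865, type 18) to an Access-Reject, with a policy table deciding which failure reasons are shown to the user. The reason labels, policy table, shared secret and request authenticator are constructed for illustration; whether a given supplicant displays the text is outside what this shows.

```python
import hashlib
import hmac
import struct

ACCESS_REJECT = 3    # RFC 2865 packet code
REPLY_MESSAGE = 18   # RFC 2865 attribute type
# Constructed sample values, not taken from any real deployment.
SECRET = b"constructed-shared-secret"
REQ_AUTH = bytes(range(16))
# Hypothetical policy: only reasons listed here reach the user. Lockout is left
# out on purpose so a reject does not confirm account state to a password guesser.
USER_TEXT = {"ACCOUNT_DISABLED": "Account is disabled"}
GENERIC_TEXT = "Authentication failed"


def build_access_reject(identifier, request_auth, secret, reason):
    """Return an Access-Reject carrying one Reply-Message attribute."""
    text = USER_TEXT.get(reason, GENERIC_TEXT).encode("utf-8")
    if not 1 <= len(text) <= 253:
        raise ValueError("Reply-Message text must be 1..253 octets")
    attrs = struct.pack("!BB", REPLY_MESSAGE, 2 + len(text)) + text
    header = struct.pack("!BBH", ACCESS_REJECT, identifier, 20 + len(attrs))
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    resp_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + resp_auth + attrs


def parse_access_reject(packet, request_auth, secret):
    """Verify the Response Authenticator and return the Reply-Message strings."""
    if (len(packet) < 20 or packet[0] != ACCESS_REJECT
            or struct.unpack("!H", packet[2:4])[0] != len(packet)):
        raise ValueError("not a well-formed Access-Reject")
    attrs = packet[20:]
    expected = hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad Response Authenticator")
    messages, i = [], 0
    while i < len(attrs):
        if len(attrs) - i < 2 or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute")
        if attrs[i] == REPLY_MESSAGE:
            messages.append(attrs[i + 2:i + attrs[i + 1]].decode("utf-8"))
        i += attrs[i + 1]
    return messages
```

The specific directory failure reason would still be written to the server-side log; only the text chosen by the policy table travels to the client.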
