Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

Unable to authenticate to AD

Hi

I have a ACS SE running 4.2 and a remote agent also running 4.2, I am using peap authentication and am unable to authenticate to Active directory, I can authenticate using a local account on the ACS, which tells be that the certificate are configured correctly,.

The error message that I am getting on the ACS server is:

Authen session timed out: Challenge not provided by client.

Has anyone come across this problem before and do they know of a solution.

Many Thanks

6 REPLIES

Re: Unable to authenticate to AD

Please increase the radius timeout on the AP and share the result. Command to increase the timeout on device

Radius-server timeout .

Regards,

~JG

Do rate helpful posts

New Member

Re: Unable to authenticate to AD

Hi jgambir

I have two WiSM blades deployed, I have increase the advanced eap timeout value to 20 seconds and still no luck.

Thanks

Re: Unable to authenticate to AD

Increase the loggin level to full,

acs--->system configuration---->service control--->.full

Please send cswinagent logs from remote agent after recreating the issue.

You need to go to on server where remote agent is installed.

Here is the location of the logs

C:\Program Files\Cisco\CiscoSecure ACS Agent\CSWinAgent\Logs

New Member

Re: Unable to authenticate to AD

Thanks, I will try that first thing tomorrow morning, and will let you know that outcome.

New Member

Re: Unable to authenticate to AD

Hi jgambir

I managed to resolve the issue today, it turned out that the customer have two domains running. The Customer is a college and have one domain for students and a second for staff and Admin, when we first start testing we we using a student machine and credentials on the Staff domain.

This leads to my second question, can you use a single ACS to authenticate against two different domains, I personally dont think this will be possible, do you know of a way or do I need a ACS SE per domain.

Many Thanks

Re: Unable to authenticate to AD

It can authenticate with Multiple domain with a condition of having two way trust.

If there is no two way trust then we would need acs in each domain and have proxy configured.

272
Views
0
Helpful
6
Replies
CreatePlease to create content