Unable to authenticate to AD

krishanmistry
Level 1

Hi

I have an ACS SE running 4.2 and a remote agent also running 4.2. I am using PEAP authentication and am unable to authenticate to Active Directory. I can authenticate using a local account on the ACS, which tells me that the certificates are configured correctly.

The error message that I am getting on the ACS server is:

Authen session timed out: Challenge not provided by client.

Has anyone come across this problem before, and do they know of a solution?

Many Thanks


Jagdeep Gambhir
Level 10

Please increase the RADIUS timeout on the AP and share the result. The command to increase the timeout on the device:

Radius-server timeout .

Regards,

~JG

Do rate helpful posts

Hi jgambir

I have two WiSM blades deployed. I have increased the advanced EAP timeout value to 20 seconds and still no luck.

Thanks

Increase the logging level to full:

acs--->system configuration---->service control--->.full

Please send the cswinagent logs from the remote agent after recreating the issue.

You need to go to the server where the remote agent is installed.

Here is the location of the logs

C:\Program Files\Cisco\CiscoSecure ACS Agent\CSWinAgent\Logs

Thanks, I will try that first thing tomorrow morning, and will let you know the outcome.

Hi jgambir

I managed to resolve the issue today. It turned out that the customer has two domains running. The customer is a college and has one domain for students and a second for staff and admin. When we first started testing, we were using a student machine and credentials on the staff domain.

This leads to my second question: can you use a single ACS to authenticate against two different domains? I personally don't think this will be possible. Do you know of a way, or do I need an ACS SE per domain?

Many Thanks

It can authenticate with multiple domains, on the condition of having a two-way trust.

If there is no two-way trust, then we would need an ACS in each domain and have proxy configured.
