WLC4402, SSC 4.0, EAP FAST with ACS 4.1.23 and Active Directory
I have a problem where my SSC (Cisco Secure Services) wireless client software on the laptops will only authenticate the windows domain users if they enter the username and passwords manually. The single sign on feature will not work. I am using EAP-FAST. This is an appliance based ACS server which I have restored from the recovery CD.
When I look at the failed authentication requests I can see that it is trying to send username@domain when attempting single sign on. The log states that this is a bad username or password. Note that the end of the domain name is missing.
I can see the authentication attempt in the remote agent log (CSWINagent.log) on the domain controller so I know it is sending the login request to the DC. The Remote Agent is the same version as the ACS server. When I authenticate successfully (manually) it is not sending the domain portion of the username.
This is a new installation. Initially I had 2 remote agents, both on DCs the service was running as a windows domain admin account with the necessary privileges. After a scheduled power down at the weekend the windows authentication stopped working completely. I found a post in this forum which said to use local system to start the remote agent service. This brought the windows authentication back to life but now i have this problem. I'm sure that before I changed it the manual login also required the domain portion (ie domain\username). I can't be certain this is the case though!
Can anybody help me to get windows AD to accept these credentials as they are sent from the client login? Alternatively if I can get it to work with the user account it worked with originally then that would be great.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :