Help configuring a Cisco 4402 wireless controller

WaynePlotkin
Level 1

Hello,

I need help setting up a Cisco 4402 Wireless controller. I want to have users automatically connect to the wireless network, but not have access to any network resources until they open a web browser and supply their domain username and password or a guest account supplied by the receptionist.

I have tried numerous different configurations but can't seem to get it to work properly. More times than not, when I set up security on the WLAN it causes my wireless network to disappear from the list of available wireless networks.

Here is my network configuration:

1 - 4402 wireless LAN Controller

2 - Aironet 1130AG antennas

1 - 5510 Cisco ASA

1 - 4503 Core Router\Switch

8 - 2960G Switches

Windows Server 2003 Domain with Radius running on the Domain Controller.

Thanks in advance for the help.

30 Replies

I am having pretty much the same issue but I can't understand why it's not working because this is the message I get in Microsoft IAS...

User xxxx was granted access.

Fully-Qualified-User-Name = xxxxx

NAS-IP-Address = 192.168.1.8

NAS-Identifier = RMCORPWLC01

Client-Friendly-Name = RMCORPWLC01

Client-IP-Address = 192.168.1.8

Calling-Station-Identifier =

NAS-Port-Type =

NAS-Port =

Proxy-Policy-Name = Use Windows authentication for all users

Authentication-Provider = Windows

Authentication-Server =

Policy-Name = WLC Auth

Authentication-Type = PAP

EAP-Type =

For more information, see Help and Support Center at

Any suggestions? I made sure that all my settings matched those discussed in this thread?

This line: Proxy-Policy-Name = Use Windows authentication for all users

Shows that you are not hitting the remote access policy. This is the default Windows IAS policy.

Can you post your show run-config and tell me what ssid you are using. Might be a configuration on the wlc of your IAS server.

-Scott
*** Please rate helpful posts ***

FYI...Right now I'm just trying to get this working for MGMT logins, the problem I am having is that I can't login to the device with any username that isn't in the local list.

So you are trying to configure the wlc to authenticate management users when they try to access the wlc? Just note that the wlc will use local, then radius, then ldap if configured.

Here are some links for that:

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a0080782507.shtml

This link is for ACS. What you have to do in the remote access policy in IAS is to set the service type as login. Also upgrade your boot loader to 5.0.

-Scott

I have done both of those things...

Be careful with the policies in IAS. If you have another policy using the same NAS IP address to authenticate wireless users, it will hit that and fail to the default. If that is the only policy you have, then the IAS policy isn't configured right.

-Scott

On your log that you posted: NAS-IP-Address = 10.1.12.35

This isn't your management interface (92.168.1.8) on the WLC? So what device is this you are showing?

-Scott

I don't have any of those IP addresses, I'm not sure what you are referring to?? I have more than one policy in IAS, I don't understand why it is so hard to set up RADIUS with this thing? Why would RADIUS behave so much differently on a WLC than say a router/switch?

Post the error you are seeing on your IAS.

-Scott

I am not seeing an error on IAS...I see that access was granted? That is why I'm at a loss for why this isn't working?

User david.jack was granted access.

Fully-Qualified-User-Name = xxxxx

NAS-IP-Address = 192.168.1.8

NAS-Identifier = RMCORPWLC01

Client-Friendly-Name = RMCORPWLC01

Client-IP-Address = 192.168.1.8

Calling-Station-Identifier =

NAS-Port-Type =

NAS-Port =

Proxy-Policy-Name = Use Windows authentication for all users

Authentication-Provider = Windows

Authentication-Server =

Policy-Name = WLC Auth <<<<

Authentication-Type = PAP

EAP-Type =

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
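An added example, not part of any post in this thread: a small parser for the IAS event text posted above that pulls out which policies matched, the authentication type, and which attributes the controller left empty. The sample is constructed from the posted event (abridged); the function names are hypothetical.

```python
import re

# Constructed sample: the IAS event as posted in the thread, abridged.
SAMPLE_EVENT = """\
User xxxx was granted access.
Fully-Qualified-User-Name = xxxxx
NAS-IP-Address = 192.168.1.8
NAS-Identifier = RMCORPWLC01
Calling-Station-Identifier =
NAS-Port-Type =
NAS-Port =
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server =
Policy-Name = WLC Auth <<<<
Authentication-Type = PAP
EAP-Type =
"""

def parse_ias_event(text):
    """Return (outcome, fields) from an IAS event description."""
    outcome, fields = None, {}
    for line in text.splitlines():
        m = re.match(r"User (\S+) was (granted|denied) access", line)
        if m:
            outcome = m.group(2)
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip():
            # Drop a poster's "<<<<" highlight marker from the value.
            fields[key.strip()] = value.split("<<<<")[0].strip()
    return outcome, fields

def review(outcome, fields):
    """List the points to check when a grant does not result in a login."""
    # Policy-Name is the remote access policy that matched;
    # Proxy-Policy-Name is the connection request policy.
    notes = [f"outcome={outcome}",
             f"remote-access-policy={fields.get('Policy-Name') or 'none'}",
             f"connection-request-policy={fields.get('Proxy-Policy-Name') or 'none'}"]
    if fields.get("Authentication-Type") == "PAP":
        notes.append("PAP: password is protected in transit only by the RADIUS shared secret")
    empty = sorted(k for k, v in fields.items() if not v)
    if empty:
        notes.append("empty as logged (policy conditions on these cannot match): " + ", ".join(empty))
    return notes

if __name__ == "__main__":
    print("\n".join(review(*parse_ias_event(SAMPLE_EVENT))))
```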

You might have to set up accounting also. Capture data with a sniffer on the port that the wlc is connected to on the switch. If you see authentication pass, but accounting failed, then accounting will have to be set up. On ACS, you have to have that configured in order for this to work.

-Scott

Also, check your shared secret configuration with the RADIUS server and make sure it is long enough. I had first set it up with only 10 characters and then changed it to 26 characters and it started working immediately.

I will have to give that a try, my shared secret is only 7 chars right now.

I'm having the same issue. Did you get it fixed?
