I have configured Cisco ACS 4.2 to authenticate the wired network based on Active Directory on Windows 2003.
I used PEAP authentication on the network and everything was OK, but I have a problem: because there are restrictions on the user accounts about logging on to just the user's computer (in the Active Directory user account settings, "log on to" is limited to specific computers), the ACS can't authenticate users and generates an error log saying that the workstation is not allowed. I enabled workstation restriction in ACS too, but the problem still existed.
It looks like you have 3 problems here... translated into the 3 failed reasons you are seeing in the Failed Attempts:
1 - SH-RASTEGAR\26320 -> Windows workstation not allowed
2 - SH-RASTEGAR\26320 -> Windows External DB user access was denied due to a Machine Access Restriction
3 - host/4500-028.sh-rastegar.com -> Machine authentication is not permitted
1 - This error means that the user is not allowed to log in from the machine he is trying to log in from. This is a setting of the AD, and if you want to allow the user to log in from this machine you have to change this security setting on the AD.
2 - This means that you have MAR (Machine Access Restriction) configured. And this means that a user can only log in from a machine that has already passed machine authentication. If the machine has not yet authenticated successfully, you will get this message.
3 - This means that the machine "host/4500-028.sh-rastegar.com" tried to authenticate, however machine authentication is disabled on ACS. To enable it you need to check the matching box: