I've been trying to test a configuration concept as follows. Set up Aironet APs and clients to use LEAP authentication via AAA in ACS for accounting, and proxy the login to the RSA token server for the login via a single sign-on for the clients. The problem I'm having is that I can't find any documentation on how and what I need to all have in place within ACS and the RSA ACE server. I'm guessing that I'll have to use the LEAP proxy RADIUS server configuration setup for external databases. So far, however, I have not been able to get any configurations to actually send a login to the ACE server. I had first tried to use the RSA SecurID token server setup as an external database, but that doesn't work. I think that some information is being stripped and not making it to the ACE server once it gets to the ACS server, as I get "Radius extension DLL rejected user" errors in my failed attempts logs. I'm not sure if anyone out there has this configuration working yet, as the LEAP support with the Aironet and ACS is rather new and new to me.
I'm getting the same errors using external database settings for W2K. Have followed the docs at Cisco site and have set it up on a member server joined to the domain with all 5 ACS services logged on with a domain admin equivalent account. Don't seem to be getting any messages on the W2K DCs to show of any attempts at authentication and my guess is that the ACS is not forwarding the authentication to either of the DCs.
The member server (ACS) needs to start the CSRadius service and all other CSxxx services with a domain privileged username. Furthermore, in the "Local Security Setting" under the "User Rights", there is an option of "Act as part of Operating System" which must also include the same said username which is starting the services. Once you do this, you should be OK and ACS will proxy authentication to W2K.
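
An added example, not part of the posts above or of Cisco's documentation: a PowerShell audit of the two settings the last reply names, listing each ACS service's logon account and whether that account holds "Act as part of the operating system" (internal name `SeTcbPrivilege`). It assumes an elevated prompt on the ACS member server, a host with PowerShell 3 or later, and that every ACS service name starts with `CS`; the function names are hypothetical.

```powershell
# Added example: audit ACS service accounts against the "Act as part of the
# operating system" user right (SeTcbPrivilege). Run from an elevated prompt.
# Assumption: all ACS services have names beginning with "CS" (e.g. CSRadius).

function Get-TcbHolders {
    # Export only the user-rights area of local security policy and return
    # the SIDs/names listed for SeTcbPrivilege (empty if nobody holds it).
    $inf = Join-Path $env:TEMP ("rights-{0}.inf" -f [guid]::NewGuid())
    try {
        secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
        $line = Get-Content $inf | Where-Object { $_ -match '^\s*SeTcbPrivilege\s*=' }
        if (-not $line) { return @() }
        # Entries look like "*S-1-5-21-...,name"; strip the "*" SID marker.
        return @(($line -split '=', 2)[1].Split(',') |
                 ForEach-Object { $_.Trim().TrimStart('*') })
    } finally {
        Remove-Item $inf -ErrorAction SilentlyContinue
    }
}

function Resolve-Sid([string]$Account) {
    # ".\name" denotes a local account; NTAccount expects COMPUTER\name.
    $name = $Account -replace '^\.\\', "$env:COMPUTERNAME\"
    try {
        $nt = New-Object System.Security.Principal.NTAccount($name)
        return $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        return $null   # account name could not be resolved to a SID
    }
}

$holders = Get-TcbHolders
Get-CimInstance Win32_Service -Filter "Name LIKE 'CS%'" | ForEach-Object {
    $acct = $_.StartName
    if (-not $acct -or $acct -in 'LocalSystem', 'NT AUTHORITY\SYSTEM') {
        $status = 'runs as LocalSystem, not a domain account'
    } else {
        $sid = Resolve-Sid $acct
        $hasTcb = ($sid -and ($holders -contains $sid)) -or ($holders -contains $acct)
        $status = if ($hasTcb) { 'account holds SeTcbPrivilege' }
                  else { 'account is MISSING SeTcbPrivilege' }
    }
    [pscustomobject]@{ Service = $_.Name; Account = $acct; Status = $status }
} | Format-Table -AutoSize
```

The export only lists direct grants, so a right granted through group membership shows up under the group's SID rather than the service account's.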