
Cisco Secure 3.0 and LEAP

thomas.clark
Level 1

We have two domains, a native mode W2K domain and an NT 4.0 domain. We are using 350 Series APs and wireless cards that are authenticating through the Cisco Secure 3.0 box. The clients and the Access points are configured per Cisco's guidelines for LEAP. Both the Windows 2000 and NT 4.0 domains have been added as external databases in ACS and the APs have been added as AAA clients. When logging on from a 2K client, only users from the NT 4.0 domain get validated. Users in the 2000 domain receive something to the effect of "user could not be found, etc." The ACS box is in the 2000 domain as is the client computer that is trying to log on. We've even tried removing the NT 4.0 domain (there is a trust in place) and still only the NT 4.0 users are validated. Anybody else seen this? Any ideas? Thanks in advance.

7 Replies

halleuxm
Level 1

Hi,

On what OS is the ACS installed?

Marc.

The ACS is installed on Windows 2000 Server and the client is running Windows 2000 Professional.

And your Win2000 Server is a member of which domain, the NT4 or the Win2000 domain?

The Windows 2000 Server on which ACS is running is in the 2000 domain. The ACS services have been set up to run under a service account we've created that is a member of the domain admins group for the 2000 domain.

Hi,

Are your unknown user policy rules correct?

Have you added the two domains to the Selected Databases list of the Unknown User Policy?

If not, go to External User Databases/Unknown User Policy, then select the Win2000 domain in the External Databases box and click on the "->" button. Then click Submit.

Let me know if this is the problem.

Regards,

Marc.

The unknown user policy is set to check the correct external database, so this doesn't seem to be the issue either. I've actually opened a TAC on the case and they've recommended installing ACS on a domain controller, so I may have to do that. Thanks for your help. Are/were you experiencing the same issue?

Thomas

Hi,

No, not this problem, but others related to the interconnection between the ACS and the ADS.

Regards,

Marc.