We have two domains, a native mode W2K domain and an NT 4.0 domain. We are using 350 Series APs and wireless cards that are authenticating through the Cisco Secure 3.0 box. The clients and the Access points are configured per Cisco's guidelines for LEAP. Both the Windows 2000 and NT 4.0 domains have been added as external databases in ACS and the APs have been added as AAA clients. When logging on from a 2K client, only users from the NT 4.0 domain get validated. Users in the 2000 domain receive something to the effect of "user could not be found, etc." The ACS box is in the 2000 domain as is the client computer that is trying to log on. We've even tried removing the NT 4.0 domain (there is a trust in place) and still only the NT 4.0 users are validated. Anybody else seen this? Any ideas? Thanks in advance.
The Windows 2000 Server on which ACS is running is in the 2000 domain. The ACS services have been set up to run under a service account we've created that is a member of the domain admins group for the 2000 domain.
The unknown user policy is set to check the correct external database, so this doesn't seem to be the issue either. I've actually opened a TAC on the case and they've recommended installing ACS on a domain controller, so I may have to do that. Thanks for your help. Are/were you experiencing the same issue?