Cisco Support Community

New Member

Cisco Secure 3.0 and LEAP

We have two domains, a native mode W2K domain and an NT 4.0 domain. We are using 350 Series APs and wireless cards that are authenticating through the Cisco Secure 3.0 box. The clients and the Access points are configured per Cisco's guidelines for LEAP. Both the Windows 2000 and NT 4.0 domains have been added as external databases in ACS and the APs have been added as AAA clients. When logging on from a 2K client, only users from the NT 4.0 domain get validated. Users in the 2000 domain receive something to the effect of "user could not be found, etc." The ACS box is in the 2000 domain as is the client computer that is trying to log on. We've even tried removing the NT 4.0 domain (there is a trust in place) and still only the NT 4.0 users are validated. Anybody else seen this? Any ideas? Thanks in advance.

7 REPLIES
New Member

Re: Cisco Secure 3.0 and LEAP

Hi,

On what OS is the ACS installed?

Marc.

New Member

Re: Cisco Secure 3.0 and LEAP

The ACS is installed on Windows 2000 Server and the client is running Windows 2000 Professional.

New Member

Re: Cisco Secure 3.0 and LEAP

And your Win2000 Server is a member of which domain, the NT4 or Win2000 domain?

New Member

Re: Cisco Secure 3.0 and LEAP

The Windows 2000 Server on which ACS is running is in the 2000 domain. The ACS services have been set up to run under a service account we've created that is a member of the domain admins group for the 2000 domain.

New Member

Re: Cisco Secure 3.0 and LEAP

Hi,

Are your unknown user policy rules correct?

Have you added the two domains to the Selected Databases list of the Unknown User Policy?

If not, go to External User Databases/Unknown User Policy, then select the Win2000 domain in the External Databases box and click on the "->" button. Then click Submit.

Let me know if this is the problem.

Regards,

Marc.

New Member

Re: Cisco Secure 3.0 and LEAP

The unknown user policy is set to check the correct external database, so this doesn't seem to be the issue either. I've actually opened a TAC on the case and they've recommended installing ACS on a domain controller, so I may have to do that. Thanks for your help. Are/were you experiencing the same issue?

Thomas

New Member

Re: Cisco Secure 3.0 and LEAP

Hi,

No, not this problem. But other related to the interconnection between the ACS and the ADS.

Regards,

Marc.
