Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Cisco Employee

IAS admin authentication

I hope you can help as I am sure I am missing something basic.

Using IAS to authenticate admin and Lobby ambassador to a wlc running 4.2.

Created a group wlc Admin in windows ad.

Added a user to the group to test. The user works pw etc as I have tested this.

Event log from IAS is here

User test was denied access.

Fully-Qualified-User-Name = WIRELESSDATANET\test

NAS-IP-Address = 192.168.1.200

NAS-Identifier = WLAN-LAB

Called-Station-Identifier = <not present>

Calling-Station-Identifier = <not present>

Client-Friendly-Name = WLAN-LAB

Client-IP-Address = 192.168.1.200

NAS-Port-Type = <not present>

NAS-Port = <not present>

Proxy-Policy-Name = Use Windows authentication for all users

Authentication-Provider = Windows

Authentication-Server = <undetermined>

Policy-Name = <undetermined>

Authentication-Type = PAP

EAP-Type = <undetermined>

Reason-Code = 16

Reason = Authentication was not successful because an unknown user name or incorrect password was used.

The request is getting to the IAS server but not being authenticated.

The logs on the wlc are below

AAA Authentication Failure for UserName:test User Type: WLAN USER

Problem is it is IAS is not even authenticating a client I know has a correct password. The test client is only in the WLC Admin group

I am not sure if its the attributes though the wlc is in as a client with cisco attribute

2 REPLIES
Silver

Re: IAS admin authentication

Are you trying to access WLC as an AAA Client on the MS IAS?

Cisco Employee

Re: IAS admin authentication

Hi mchin I managed to resolve the issue, thanks for replying

320
Views
0
Helpful
2
Replies
CreatePlease to create content