4402 PEAP w/ACS3.3 using Novell NDS.

mbzowski · ‎08-03-2006

I am trying to configure WPA2 with 802.1x authentication through ACS 3.3. Having issue with using PEAP authentication through ACS 3.3 configured for Novell NDS as External Database. Client is stuck "Verifying credentials". Controller sends authentication requests to ACS, but it is not getting any response back from ACS. ACS is on the same subnet, no firewalls of any kind in between. Under Failed Authentication on ACS nothing gets logged if I have PEAP enabled under Global Authentication Setup (EAP-MSCHAPv2). If I uncheck PEAP options under Global Authentication, then ACS will log under Failed Attempts error message saying that "EAP type not configured. Check Global Authentication Setup". Correct IP address of ACS and secret key is entered in Wireless Controller. I have also tried using port 1645 and 1812 with the same result.

Any ideas would be appreciated. Thanks.

aghaznavi · ‎08-09-2006

Except in EAP-TLS authentication against Active Directory, CiscoSecure ACS does not support the user@domain (UPN) format of qualified usernames when authenticating users with Windows user databases of any type

depwanguy · ‎08-18-2006

If you are authenticating against Novell eDirectory/NDS, you should use EAP-GTC. Also, when you create your database configuration, be sure to enter all contexts (separated by commas) in which your user accounts reside.