ACS3.2 + ap1100 + ACU5.05 + LEAP

mlohnert · ‎07-01-2003

Hi everyone,

I have the above mentioned kit and trying to get it to work usign leap as the authentication method. Not having much success with it though.

I have enabled open authentication, and Network-EAP on the AP a set it to authenticate against the ACS (even for admin access, and mac)

1. Admin access authenticates no probs

2. Open authentication + MAC works like a charm

3. when I add Network-EAP, and set up ACU to use LEAP it prompts for user/pass, tries to authenticate and just times out.

I tried debugging the AP but couldn't find anything obvious, ACS doesn't log anything in either successfull or failed login reports. What I'm wondering, is:

- Do I have to authenticate against a domain ? Or are just user/pass combinations in ACS enough ? What do I enter in the domain field in the ACU?

The ACS is set up on a server that's in a different domain than the clients who are to be connecting through the wlan. That's why I'd like to use a separate user/pass combination store in radius (ACS.)

thx

ml

sbilgi · ‎07-07-2003

Since you are authenticating the accounts against your NT domain, if you create the accounts on your ACS database, it will cause conflicts with your workgroups. If you did create duplicate accounts on your ACS database, then please create a new account on your NT domain only and try to authenticate a client with that account.

mlohnert · ‎07-10-2003

I actually tried that before, and I don't have duplicate accounts, they are either in NT/2000 domain or in ACS. I tried logging in with either with no success.

:(

mlohnert · ‎07-21-2003

It looks like I did find the culprit at the end.

I didn't have the "[006] Service-Type" checked and selected in ACS Group Settings. Now all works fine.