Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ACS3.2 + ap1100 + ACU5.05 + LEAP

Hi everyone,

I have the above mentioned kit and trying to get it to work usign leap as the authentication method. Not having much success with it though.

I have enabled open authentication, and Network-EAP on the AP a set it to authenticate against the ACS (even for admin access, and mac)

1. Admin access authenticates no probs

2. Open authentication + MAC works like a charm

3. when I add Network-EAP, and set up ACU to use LEAP it prompts for user/pass, tries to authenticate and just times out.

I tried debugging the AP but couldn't find anything obvious, ACS doesn't log anything in either successfull or failed login reports. What I'm wondering, is:

- Do I have to authenticate against a domain ? Or are just user/pass combinations in ACS enough ? What do I enter in the domain field in the ACU?

The ACS is set up on a server that's in a different domain than the clients who are to be connecting through the wlan. That's why I'd like to use a separate user/pass combination store in radius (ACS.)

thx

ml

3 REPLIES
Silver

Re: ACS3.2 + ap1100 + ACU5.05 + LEAP

Since you are authenticating the accounts against your NT domain, if you create the accounts on your ACS database, it will cause conflicts with your workgroups. If you did create duplicate accounts on your ACS database, then please create a new account on your NT domain only and try to authenticate a client with that account.

New Member

Re: ACS3.2 + ap1100 + ACU5.05 + LEAP

I actually tried that before, and I don't have duplicate accounts, they are either in NT/2000 domain or in ACS. I tried logging in with either with no success.

:(

New Member

Re: ACS3.2 + ap1100 + ACU5.05 + LEAP

It looks like I did find the culprit at the end.

I didn't have the "[006] Service-Type" checked and selected in ACS Group Settings. Now all works fine.

150
Views
0
Helpful
3
Replies