Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Can login with one laptop, not another

Two (long-winded) questions for you all:

1) Anyone know why I would be able to login to our domain from one laptop with a LEAP-enabled wireless card, but cannot login with another LEAP-enabled laptop sitting right next to it? I have pre-auth turned on for both laptops. Both laptops will query the ACS to get an address. Both pass 802.11/x credentials and receive IP addresses. One laptop (a Lenovo S12) can login users just fine. The other laptop is a Dell and will come back with "Domain is not available" after passing all of the pre-auth credentials.

I've made sure that the external database is pointing to the right groups in AD, but I do see authentication failures pop up on the WCS. The following is common:

Client '00:21:6a:28:56:4c (Admin, 10.172.1.14)' which was associated with interface '802.11b/g' of AP 'AP102' is excluded. The reason code is '4(802.1X Authentication failed 3 times.)'.

Remember, though, pre-auth is telling me that it does pass 802.1X authentication, and you can see that it does get an IP, so this error is conflicting. I also get a lot of these, too:

Client '00:21:6a:28:60:a8 (rebeccab@mtgraham.org, 0.0.0.0)' which was associated with interface '802.11b/g' of AP 'AP102' is excluded. The reason code is '4(802.1X Authentication failed 3 times.)'.

I understand that it is trying to pass authentication for a device with no IP, but why does one login get an IP (as seen on the first message) and not another login (second message)? I get this with the same user name, not just when different people are trying. I can login to the Lenovo with gpotest@mtgraham.org, but I turn around and get "Domain is not available" on the Dell with the exact same AD account.

2) Here's another one that's baffling me: I have a user named kirk.orona@mtgraham.org. When trying to auth to the domain, I see the following pop up in the event log on WCS (A LOT):

Client '00:1c:bf:96:d3:6a (..m .orona@mtgraham.org, 0.0.0.0)' which was associated with interface '802.11b/g' of AP 'AP122' is excluded. The reason code is '4(802.1X Authentication failed 3 times.)'.

User authentication from Controller '10.5.1.11' failed for User name '..m .orona@mtgraham.org' and user type 'Network User'.

User authentication from Controller '10.5.1.11' failed for User name '.O. .orona@mtgraham.org' and user type 'Network User'.

Client '00:1c:bf:96:d3:6a (x.m .orona@mtgraham.org, 0.0.0.0)' which was associated with interface '802.11b/g' of AP 'AP122' is excluded. The reason code is '4(802.1X Authentication failed 3 times.)'.

User authentication from Controller '10.5.1.11' failed for User name 'x.m .orona@mtgraham.org' and user type 'Network User'.

Why is it that the user tries to login with "kirk.orona@mtgraham.org", but the controller thinks he's trying to use random ones, shown above?! His actual login name is no where in the logs at all. Thoughts on this one?!

To throw another kink into this, we can login all day long with other devices, like iPhones and Android phones and Linux (on the exact same machines that had previously "failed", mind you) and never get authentication errors or random drops. It's making me think it is a Windows driver issue, but I can have a driver work on one laptop and not another that is the exact same model... It's very confusing at the moment for me, sending me spinning in circles to try and find what's going on.

Thanks in advance for your help!

994
Views
0
Helpful
0
Replies
CreatePlease to create content