topic In my case the users are all in Network Access Control

ACS Time Sync for User Authentication

bnace — Mon, 11 Mar 2019 06:33:37 GMT

I have a WLC that has two identical ACS 5.5 used as RADIUS for authentication. The primary works fine without any issues. The secondary (relative to the WLC) is having authentication issues. There is no path issue between the WLC and the two ACSs. I do see that the secondary has not kept synchronization with the NTP clock. I see documents where this can be an issue with machine authentication but none that address user authentication. Can anyone provide information about whether this can be an issue and the documentation to support. Users are using PEAP (no certificate) to authenticate. The time difference is ~ 4 minutes in drift at this time.

If ACS is configured to use

Javier Henderson — Wed, 09 Mar 2016 19:14:38 GMT

If ACS is configured to use AD as the back-end user database, the maximum clock drift allowed is five minutes. This would affect both machine and user authentications.

What reason is ACS giving to reject the authentication attempts?

Javier Henderson

Cisco Systems

In my case the users are all

bnace — Wed, 09 Mar 2016 19:29:28 GMT

In my case the users are all within the Local ACS database. AD is not being used.