802.1x and Remote Agent

Darthkim_2 · ‎02-14-2005

AD 2000 Domain, ACS appliance (running 3.3.1), remote agent on the Certificate authority. setup PEAP per instructions.

When i try to login with a user on a desktop, it errors out. This is the error message i see in the RemoteAgent logs

CSWinAgent 02/03/2005 17:13:56 A 0048 0604 NTLIB: Attempting Windows authentication for user RFI5771

CSWinAgent 02/03/2005 17:13:56 A 0048 0604 NTLIB: Windows authentication SUCCESSFUL (by DC1)

CSWinAgent 02/03/2005 17:13:56 A 0048 0604 NTLIB: Obtaining RAS information for user RFI5771 from DC1

CSWinAgent 02/03/2005 17:13:56 A 0048 0604 NTLIB: NetUserGetLocalGroups failed with result [5]

CSWinAgent 02/03/2005 17:13:56 A 0048 0604 NTLIB: nt_GetUsersNTGroups failed

Its funny. With my ID, everything works (dot1x gets authenticated, dynamically assigned VLAN, properly authenticated.

But I can't get it to work with any other user. Thinking that there was a rights issue Service account, i tested with a Domain admin account. No avail.

Any thoughts? I tested this whole setup in a lab with ACS for windows and it works like a charm. Getting it to work with the appliance has been a bit challenging.

allan.flintoff · ‎07-11-2006

Hi,

Did you ever get to the bottom of this issue. I have the same issue with ACS 3.3.3 for windows. I have not seen this issue on any other ACS Win / Appliance installs.

Thanks in advance

Allan

allan.flintoff · ‎07-11-2006

managed to fix the problem on the ACS member server installation by getting the ACS services to run with an account with domain admin privileges. Allan