ACS 3.2 local user database w/ Windows XP PEAP working w/ Aironet 1200 PEAP

netcraftjason
Level 1

I have configured the Aironet 1200 to work in PEAP mode and the Windows XP client to authenticate using PEAP MS-CHAPv2. The Windows XP user has been added to the user database of ACS. Then I tried to connect the Windows XP computer to the wireless network, but it did not succeed. (Windows XP prompted a dialog box for entering username, password and domain name.) The ACS Failed Attempts log recorded the following two messages:

NAS duplicated authentication attempt

External DB account Restriction

And then I tried to add an external user database mapping with a Windows NT group, but the user still cannot connect to the wireless network.

Any ideas? Or where can I ask about the meaning of the errors generated by ACS?

Thanks!


a.kiprawih
Level 7

Hi,

You can try (or have you tried) one of these:

1. When Windows prompts for username/password/domain, leave the domain empty. At this point, user authentication will use the ACS internal DB, so the domain is not required.

2. For this option, ACS needs to generate a self-signed cert (*.cer). Install this cert on the client PC as well.

'System Configuration - ACS Certificate Setup'.

Cert subject: cn=

Cert file: c:\your_cert.cer

Private key file: c:\privatekey.pvk

Private key password:

Retype private key password:

Key length:

Digest to sign with: SHA1

Install generated cert:

For 'System Configuration - Global Authentication Setup', follow the guide in this url:

http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801bd035.shtml

3. If you use external database mapping, make sure your ACS has already joined your domain. Otherwise, it won't work. But you need to resolve your client auth via local AAA first before enabling this option.

For 'NAS duplicate authentication attempt', I have seen this message, which refers to a client authentication attempt via an AP that talks to more than one AAA/ACS (not sure whether this is related to your case).

Quick check:

In your ACS, enable IETF RADIUS attributes [006] Login & [007] Login.

Rgds,

AK