Re: acs 4.0, peap-mschapv2 and machine authentication

sbe · ‎10-27-2006

hi,

ive a problem with some wlan-users and machine authentication. mostly users are pass machine auth but sometimes the login fails. in the auth.log are the following entries:

AUTH 25/10/2006 13:43:51 I 0897 2216 AuthenProcessResponse: process response for 'XXXX\yyyyyyyy'

AUTH 25/10/2006 13:43:51 I 1554 2216 pvAuthenticateUser: authenticate 'XXXX\yyyyyyyy' against Windows Database

AUTH 25/10/2006 13:43:51 I 0376 2216 External DB [NTAuthenDLL.dll]: Starting MSCHAP authentication for user [XXXX\yyyyyyyy]

AUTH 25/10/2006 13:43:51 I 0376 2216 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user yyyyyyyy

AUTH 25/10/2006 13:43:51 I 0376 2216 External DB [NTAuthenDLL.dll]: Windows authentication SUCCESSFUL (by DCXXX)

AUTH 25/10/2006 13:43:51 I 0376 2216 External DB [NTAuthenDLL.dll]: User mapped to ACS group id [1]

AUTH 25/10/2006 13:43:51 I 0376 2216 External DB [NTAuthenDLL.dll]: Group 1 is forced to pass Machine Authentication

AUTH 25/10/2006 13:43:51 I 0376 2216 External DB [NTAuthenDLL.dll]: Force machine AUTH mapping to group [-1]

AUTH 25/10/2006 13:43:51 I 0376 2216 External DB [NTAuthenDLL.dll]: User is mapped to a disabled ACS group

AUTH 25/10/2006 13:43:51 I 5081 2216 Done RQ1027, client 50, status -2046

AUTH 25/10/2006 13:43:51 I 5094 2216 Worker 5 processing message 18.

AUTH 25/10/2006 13:43:51 I 5081 2216 Start RQ1027, client 50 (127.0.0.1)

AUTH 25/10/2006 13:43:51 I 0897 2216 AuthenProcessResponse: process response for 'XXXX\yyyyyyyy'

AUTH 25/10/2006 13:43:51 I 0361 2216 EAP: PEAP: Second phase: 26 authentication FAILED

background:

the acs default group is disabled and group 1 (named wlan) is mapped to active directory.

Jagdeep Gambhir · ‎10-28-2006

It seems to be a misconfiguration issue. What error we are getting on acs failed attempts ?