ACS 5.3 trying to authenticate Macbooks
08-31-2012 03:32 AM - edited 03-10-2019 07:29 PM
Having an issue with Macbook authentication. All Macbooks at this one site, on same switch, going to same RADIUS server, work except for one. Looking at logs it appears server and client never exchange certificates. Attached is log for failed Macbook authentication. Any help is appreciated.
- Labels: AAA
08-31-2012 01:34 PM
Adam,
Do the other MacBooks have a machine account in Active Directory? If so, then this machine doesn't exist in AD. It looks like the client-to-RADIUS authentication is working; it's the issue with ACS to AD not being able to find the machine account:
24433 Looking up machine/host in Active Directory - host/GVLMB009.internal.cigna.com
24437 Machine not found in Active Directory
Thanks,
Tarik Admani
*Please rate helpful posts*
08-31-2012 01:37 PM
Thanks for the reply. All macbooks are in AD and have machine accounts. The host GVLMB009 had its certificate replaced. Do you think perhaps the AD machine account is corrupt or the shared secret between client and AD no good??
08-31-2012 03:09 PM
How are the certificates issued? It looks as if, for some reason, this ACS is unable to find the machine account. What you can do to troubleshoot this issue is to go to the Active Directory Settings, then go to Attributes. Here it will ask you to type in a username, and you can use GVLMB009$ to see if ACS is able to pull the attributes from AD for this account. That will get us started in the troubleshooting process.
Here is a screenshot that will explain what I mean.
Thanks,
Tarik Admani
*Please rate helpful posts*
09-01-2012 03:43 PM
Hi Adam,
Double-check whether the domain name is configured on the MacBook, and also whether the machine/computer account is configured correctly in AD.
Hope This Helps
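
Added example, not part of any post in this thread and not Cisco code: a small Python triage helper that pairs the two ACS step lines quoted above (24433 and 24437), derives the account name to enter in the ACS attribute test, and compares the DNS domain in the identity with the one you expect. The first two sample lines are from the thread; the other sample lines, the `expected_domain` parameter and all function names are constructed for illustration.

```python
import re

# Step codes exactly as quoted in the thread's ACS log excerpt.
STEP_LOOKUP = "24433"     # "Looking up machine/host in Active Directory - <identity>"
STEP_NOT_FOUND = "24437"  # "Machine not found in Active Directory"

STEP_RE = re.compile(r"^\s*(\d{5})\s+(.*\S)\s*$")
IDENTITY_RE = re.compile(r"-\s+(host/\S+)$", re.IGNORECASE)

# Lines 1-2 are from the thread; lines 3-5 are constructed for this example.
SAMPLE_LOG = [
    "24433 Looking up machine/host in Active Directory - host/GVLMB009.internal.cigna.com",
    "24437 Machine not found in Active Directory",
    "24433 Looking up machine/host in Active Directory - host/LABMB001.example.test",
    "24437 Machine not found in Active Directory",
    "24433 Looking up machine/host in Active Directory - host/LABMB002.internal.cigna.com",
]

def split_host_identity(identity):
    """Split 'host/NAME.dns.domain' into ('NAME$', 'dns.domain')."""
    fqdn = identity.split("/", 1)[1]
    name, _, domain = fqdn.partition(".")
    return name + "$", domain.lower()

def failed_machine_lookups(lines, expected_domain=None):
    """Return one finding per lookup step that is followed by 'not found'."""
    findings, pending = [], None
    for line in lines:
        m = STEP_RE.match(line)
        if not m:
            continue
        code, message = m.groups()
        if code == STEP_LOOKUP:
            ident = IDENTITY_RE.search(message)
            pending = ident.group(1) if ident else None
        elif code == STEP_NOT_FOUND and pending:
            sam, domain = split_host_identity(pending)
            findings.append({
                "identity": pending,
                "sam_account": sam,  # name to enter in the ACS attribute test
                "domain": domain,
                # None when no expected domain was supplied (assumed parameter)
                "domain_matches": None if expected_domain is None
                else domain == expected_domain.lower(),
            })
            pending = None
    return findings

if __name__ == "__main__":
    for finding in failed_machine_lookups(SAMPLE_LOG, "internal.cigna.com"):
        print(finding)
```

A finding with `domain_matches` set to `False` points at the domain name configured on the client; one set to `True` points at the machine account itself.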
