03-14-2011 10:21 AM - edited 03-10-2019 05:54 PM
We have a acs appliance 4.1 with a agent running on a X domain controller to authenticate user's from the X domain active directory.
User's and Computer's are able to authenticate without any issue on X domain.
We have recently add a trusted Y domain on this X domain.
User's from Y domain are able to authenticate on our ACS without any issue , but machine are not able to authenticate.
03/14/2011 | 10:44:32 | Authen failed | host/FLADWS0072.Ydomain | Default Group | 00-26-82-d6-9b-3f | (Default) | External DB user invalid or bad password |
Machine use is the following settings to authenticate :
EAP type : EAP (PEAP)
Authentification method : EAP-MSCHAP v2
On Y domain active directory :
Remote access permission is ok for machine
On ACS applicance :
"Enable PEAP machine authentication" is select + the machine from X Domain are authenticate without any issue.
Any idea where is should start to invetigate ?
Tks in advance for your help
03-18-2011 07:20 AM
Gauthier,
Is domain Y part of the same forest or different ? Also, what is the complete build and patch number that you are running on the acs? There are caveats in the lines of machine auth not working cross forest even when there is a two way trust and other caveats such as
And most/all of these issues are fixed if you install the latest build/patch on 4.1..
Thanks,
Mani
03-18-2011 07:21 AM
Dear Valued Cisco Customer,
I will be out of the office from 03/20/2010 until 04/04/2010. During
this time, I will have no access to email or voicemail. If you require
assistance during my absence, please contact Manivannan Srinivasan via
phone at 469-255-4806 or via email at mansrini@cisco.com and this
engineer will continue to work any immediate concerns you may have at
this time. If this issue can wait until my return on 04/05/2010, I will
be glad to continue working with you. If you require assistance outside
of our business hours (10:00am - 7:00pm CST), please contact the TAC by
calling 1800-553-2447 or email tac@cisco.com and request to have the
service request re-assigned.
Best Regards,
Abhishek Neelakanata
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide