
ACS appliance 4.1 - machine authentication from trusted domain failed

amcorpicagw
Level 1

We have an ACS appliance 4.1 with an agent running on an X domain controller to authenticate users from the X domain Active Directory.

Users and computers are able to authenticate without any issue on the X domain.

We have recently added a trusted Y domain to this X domain.

Users from the Y domain are able to authenticate on our ACS without any issue, but machines are not able to authenticate.

03/14/2011 | 10:44:32 | Authen failed | host/FLADWS0072.Ydomain | Default Group | 00-26-82-d6-9b-3f | (Default) | External DB user invalid or bad password

The machine uses the following settings to authenticate:

EAP type: EAP (PEAP)

Authentication method: EAP-MSCHAP v2

On the Y domain Active Directory:

Remote access permission is OK for the machine

On the ACS appliance:

"Enable PEAP machine authentication" is selected, and the machines from the X domain are authenticated without any issue.

Any idea where I should start to investigate?

Thanks in advance for your help

2 Replies

mansrini
Cisco Employee

Gauthier,

Is domain Y part of the same forest or a different one? Also, what is the complete build and patch number that you are running on the ACS? There are caveats along the lines of machine auth not working cross-forest even when there is a two-way trust, and other caveats such as

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsq87007


And most/all of these issues are fixed if you install the latest build/patch on 4.1.

Thanks,

Mani