I have a Cisco ACS (Release 4.1) and RSA authentication server (7.1, SP2) installed and configured. The RSA agent is also installed/configured on the ACS server.
I tried to test both PEAP/GTC and EAP-FAST/GTC with a hard token through ACS. The WLAN client is Odyssey Access Client running on a Windows XP station. There is a user called "wlan_tester" created on both the ACS and RSA servers. On ACS, I set password authentication to use "RSA SecurID Token Server" to authenticate this user.
On the Odyssey client, when I used PEAP/GTC for authentication, the authentication was successful. The RSA server showed the request for token authentication.
With the same user ID, when I tried to use EAP-FAST/GTC for authentication, the authentication failed. The ACS server showed the error message "External DB password invalid", and Odyssey kept asking for new EAP-FAST credentials. However, no request showed up on the RSA side. It looked like ACS didn't even try it.
The problem drove me nuts. Can someone please give me a hand?
I've also attached the ACS global configuration for EAP-FAST in this post.
Thanks much
-hg