Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1290
Views
0
Helpful
1
Replies

ACS/RSA authentication failure on EAP-FAST/GTC

Heng Zhang
Level 1
Level 1

‎05-19-2011 03:08 PM - edited ‎03-10-2019 06:06 PM

I have a Cisco ACS (Release 4.1) and RSA authentication server (7.1, SP2) installed and configured. RSA agent is also installed/configred on ACS server.

I tried to to test both PEAP/GTC and EAP-FAST/GTC with hard token through ACS, The WLAN client is Odyssey Access client running on Windows XP station. There is a user called "wlan_tester" created on both ACS and RSA server. On ACS, I set password authentication to use "RSA Secuire ID token Server" to authenticate this user.

On the Odyssey client, when I used PEAP/GTC for authentication, the authentication was successful. The RSA server showed the request for token authentication.

With the same user id, when I tried to use EAP-FAST/GTC for authentication, the authentication failed. ACS server showed error message of "External DB password invalid", Odyssey kept asking new EAP-FAST credentials. However is there no request showed up on RSA side. It looked like ACS didn't even try it.

The problem drove me nuts. Can someone please give me a hand?

I've also attached the ACS global configuration for EAP-fast in this post.

Thanks much

-hg

Labels:
Preview file
238 KB
0 Helpful
1 Reply 1

Tarik Admani
VIP Alumni
VIP Alumni

‎05-30-2011 10:51 PM

Hg,

Only PEAP-GTC is supported for token servers:

http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/Overvw.html#wpxref846

Thanks,

Tarik Admani

0 Helpful
Customers Also Viewed These Support Documents