03-09-2016 10:52 AM - edited 03-10-2019 11:33 PM
I have a WLC that has two identical ACS 5.5 used as RADIUS for authentication. The primary works fine without any issues. The secondary (relative to the WLC) is having authentication issues. There is no path issue between the WLC and the two ACSs. I do see that the secondary has not kept synchronization with the NTP clock. I see documents where this can be an issue with machine authentication but none that address user authentication. Can anyone provide information about whether this can be an issue and the documentation to support it? Users are using PEAP (no certificate) to authenticate. The time difference is ~4 minutes in drift at this time.
03-09-2016 11:14 AM
If ACS is configured to use AD as the back-end user database, the maximum clock drift allowed is five minutes. This would affect both machine and user authentications.
What reason is ACS giving to reject the authentication attempts?
Javier Henderson
Cisco Systems
03-09-2016 11:29 AM
In my case the users are all within the Local ACS database. AD is not being used.