07-22-2005 01:41 PM - edited 03-10-2019 02:14 PM
Hello
ACS 3.3.2 has a mapping to a 2003 MS AD domain member machine. The users are all in the AD. Now when a valid user with a wrong password tries to log in, the failure is seen only in the 2003 MS security event log and not in the ACS failed attempts. Is this normal behavior?
best regards
Oliver
07-28-2005 08:52 AM
Cisco Secure ACS Solution Engine includes a feature called Support, found in the System Configuration section of the HTML Interface. When you select the Run Support Now option on the Support page of an appliance that is configured to use a remote agent for any service, the appliance instructs the remote agent to collect copies of its diagnostic logs. The Windows agent produces a cabinet file containing the log files. The Solaris agent produces a tar file containing the log files.
08-15-2005 04:17 AM
Hello
Unfortunately this option is possible with the Windows ACS. I think that in the past, with older versions of the ACS or with Win2000, this was never an issue!
What do you think?
best regards
Oliver
08-15-2005 06:38 AM
Actually, this is normal behavior WRT how the MSFT supplicant currently operates. Assuming the machine has 802.1x authenticated itself, and assuming the machine is then subsequently and successfully attached to a domain, and assuming you have the supplicant configured to 802.1x authenticate a user ...
Then the experience you will get is Kerberos failing on a typo'd password. So, it's similar to the experience you get today without 802.1x.
Does this answer your question?
p.s. You can verify this by checking the switch as well. If you don't see the port in a HELD state at the point in time, that means AAA didn't tell it to fail the attempt via RADIUS-Reject packet, hence AAA didn't send one, hence it won't be in a failed-auth log since from the AAA perspective, nothing really happened in this specific scenario.
08-15-2005 10:42 AM
Actually not...
What do you mean by WRT and MSFT exactly?
Why do you point to Kerberos?
best regards
Oliver