10-07-2007 06:55 PM - edited 03-10-2019 03:25 PM
Hi All,
Have a weird question about NAC 802.1x framework deployment.
Environment :
Client(with CTA)---ACS SE (ver 4.0)---MS AD(ACS remote agent)
The NAC deployment is fine, until we have a problem with Password policy set at AD. AD require user change password every month, CTA able to prompt for change password but it just processing until timeout and users can't login to network. Users need to restart few times until the prompt from MS asking change password only it work.
Have configure allow all authentication include MSCHAP ver 1 and 2. Follow ACS documentation about user group configuration enable user change password....etc
Second question is about disable user account at AD, it look like need to restart 2 times only the disable account take effect.
Anyone have experince this before? Any workaround?
Thanks
YokeChuan
10-10-2007 12:56 AM
Dear Yoke,
EAP-GTC is second phase of PEAP with MSCHAPvs authentication process and ACS 4.0 has a bug (CSCsc00788) about it. The bug is fixed with 4.1 so you should upgrade the version of ACS.
Kind Regards,
Serhat
10-10-2007 02:11 AM
Hi Serhat,
Thanks a lot for help in this matter, will check with TAC Engineer.
For second issue, about AD user account disable. It need to restart pc twice before it will take effect, are this also a bug? i seen other user have post this question before, it look like no workaround at the moment.
Thanks
YokeChuan
10-10-2007 05:55 AM
Dear Yoke,
I dont know exactly that i might be related with a bug. Could you check the release notes for ACS 4.0. http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.0/release/notes/RNwin401.html#wp37535
Known problems contains all the bug information related to the version.
Also TAC engineer will inform you if you have already opened a case.
Kind regards,
Serhat
10-10-2007 07:50 AM
Hi Serhat,
Thanks a lot, will clarify with TAC engineer.
Appreciate your valuable response.
Thanks
YokeChuan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide