
Password Aging/Notifications on ACS 3.3 and AD

Hi everyone!

Equipment involved:

Cisco ACS 3.3 Appliance

Microsoft Active Directory

Aironet 1200 AP

IBM Thinkpad T42, WinXP SP2

Authentication used:

WPA/TKIP/PEAP

Supplicants:

Thinkvantage (4.12)

Odyssey Client 4.32

Windows PEAP Supplicant

Problem:

How to push notifications like 'Account is disabled', 'Account is locked-out' from AD to the wireless client when the user is about to connect to the wireless network?


darpotter
Level 5

Hi

I can see why you might want to offer this as it aids in self-diagnosis of connection problems.

However, AAA servers historically (as any other security server) do not tend to offer clues as to the reason for an authentication failure.

Also, AD will only give back a failure code; the AAA server then has to map the failure code to a readable string, and then you get interpretation issues, etc.

Technically there is no reason why a Reply-Message attribute can't be included in the final Authentication-Reject message, or even inside the PEAP tunnel. But asking for a protocol change would be harder than getting blood from a stone!

Darran
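
The mapping and the Reply-Message attribute discussed in this reply, as an added example that is not part of the original thread and not ACS code: it encodes an RFC 2865 Access-Reject carrying one Reply-Message (attribute type 18) and parses it back after checking the Response Authenticator. The failure-reason keys, the `verbose` policy switch and the function names are assumptions made for illustration; the PEAP tunnel case is not covered.

```python
import hashlib
import hmac
import struct

ACCESS_REJECT = 3   # RFC 2865 packet code
REPLY_MESSAGE = 18  # RFC 2865 attribute type
# Assumed failure reasons; the two strings are the ones quoted in the question.
FAILURE_TEXT = {"ACCOUNT_DISABLED": "Account is disabled",
                "ACCOUNT_LOCKED_OUT": "Account is locked-out"}
GENERIC_TEXT = "Authentication failed"


def reply_text(reason, verbose):
    """Return the detailed string only when policy allows it, else a generic one."""
    return FAILURE_TEXT.get(reason, GENERIC_TEXT) if verbose else GENERIC_TEXT


def build_access_reject(ident, request_auth, secret, text):
    """Encode an Access-Reject carrying a single Reply-Message attribute."""
    value = text.encode("utf-8")
    if len(request_auth) != 16 or len(value) > 253:
        raise ValueError("bad authenticator length or attribute too long")
    attrs = struct.pack("!BB", REPLY_MESSAGE, len(value) + 2) + value
    header = struct.pack("!BBH", ACCESS_REJECT, ident, 20 + len(attrs))
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    digest = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + digest + attrs


def parse_reply_messages(packet, request_auth, secret):
    """Check the Response Authenticator, then return (code, [Reply-Message, ...])."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("length field mismatch")
    attrs = packet[20:]
    want = hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()
    if not hmac.compare_digest(want, packet[4:20]):
        raise ValueError("bad Response Authenticator")
    messages, i = [], 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute")
        if attrs[i] == REPLY_MESSAGE:
            messages.append(attrs[i + 2:i + attrs[i + 1]].decode("utf-8"))
        i += attrs[i + 1]
    return code, messages
```

The attribute is delivered to the RADIUS client, which here is the access point; whether the text is ever shown on the laptop depends on the AP and the supplicant.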