We're using Cisco Secure ACS 5.1.0.44 for LDAP (Active Directory) authentication on our Cisco devices. The login prompt is spotty at times. I have noticed that two like devices, say two 1231 APs with the exact same configurations and IOS, minus device name and IP address of course, on the same subnet, do not respond to ACS the same way. One prompts for domain credentials and the other just asks for a password. The thing that sucks is that half the time the ACS fails, the old vty login password no longer works either, so I can no longer access the device.
Also, the device that failed to prompt for the domain credentials takes an extremely long time to prompt for a password and then takes an extremely long time to authenticate the password.
$ telnet x.x.x.x
Trying... <---------- this takes up to 10 seconds or longer.
Connected to x.x.x.x
Escape character is '^]'.
Password: <---------- vty password works most times, but not all
The other responds appropriately:
$ telnet x.x.x.x
Trying... <---------- This is instantaneous.
Connected to x.x.x.x
Escape character is '^]'.
Corp Domain Username: user
Password: xxxx
What gives?!?!?!?!?!? It's driving me nuts!!!!!!!!!!!!!!!!