03-14-2002 05:37 AM - edited 03-08-2019 10:03 PM
We have two domains, a native mode W2K domain and an NT 4.0 domain. We are using 350 Series APs and wireless cards that are authenticating through the Cisco Secure 3.0 box. The clients and the Access points are configured per Cisco's guidelines for LEAP. Both the Windows 2000 and NT 4.0 domains have been added as external databases in ACS and the APs have been added as AAA clients. When logging on from a 2K client, only users from the NT 4.0 domain get validated. Users in the 2000 domain receive something to the effect of "user could not be found, etc." The ACS box is in the 2000 domain as is the client computer that is trying to log on. We've even tried removing the NT 4.0 domain (there is a trust in place) and still only the NT 4.0 users are validated. Anybody else seen this? Any ideas? Thanks in advance.
03-14-2002 11:39 AM
Hi,
On what OS is installed the ACS?
Marc.
03-14-2002 11:51 AM
The ACS is installed on Windows 2000 Server and the client is running Windows 2000 Professional.
03-15-2002 06:48 AM
And your Win2000 Server is member of which domain, the NT4 or Win2000 Domain?
03-15-2002 09:50 AM
The Windows 2000 Server on which ACS is running is in the 2000 domain. The ACS services have been set up to run under a service account we've created that is a member of the domain admins group for the 2000 domain.
03-15-2002 10:59 AM
Hi,
Is your unknown user policy rules correct?
Did you have added the two Domain in the Selected Databases List of the Unknown user Policy?
If not, go to External User Databases/Unknown User Policy then select the Win2000 Domain in the External Databases box and click on the buttons "->". Then click Submit.
Let me know if this is the problem?
Regards,
Marc.
03-19-2002 09:29 AM
The unknown user policy is set to check the correct external database, so this doesn't seem to be the issue either. I've actually opened a TAC on the case and they've recommended installing ACS on a domain controller, so I may have to do that. Thanks for your help. Are/were you experiencing the same issue?
Thomas
03-20-2002 01:58 AM
Hi,
No, not this problem. But other related to the interconnection between the ACS and the ADS.
Regards,
Marc.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide