
LEAP, ACS 3.1 Active Dir username changes

mordac
Level 1

We have an active directory domain.

We have users with 350 PCMCIA cards in their ThinkPads connecting to 1200 APs set to allow authentication to an external DB (the AD domain).

Everything was happy until a user got married.

Her name changes.

My day is ruined.

Now, when she logs in, the ACS server flags it as a failed attempt instantly. I can replicate this perfectly. It doesn't allow her to log in. When she sits down at a wired machine she can log in with no problems. So we know the account is good. What I can't understand is why, if we're set to pass unknown users and all authentication to the external DB (AD domain), this doesn't work? Surely the ACS server should just treat this new username as unknown and bounce it to the AD domain?

Anyone seen this before? Or perhaps more importantly, anyone fixed this yet? I've posted over at CCO on the Cisco site and no luck there yet. I've also googled extensively and nothing of use. Lots of info on password changes but nothing on username changes.

many thanks

J

note: edited for clarity

2 Replies

jmatusie
Level 1

What does the error in the "Failed Attempts" log say on the ACS server?

Is there a single AD domain in your org? If there are multiple domains, could there be a user with the same username in another domain that ACS is checking first?

Jmatusie,

Interesting thought, but there is only one user with this ID throughout the organisation.

J
