Solved

IAS Authentication rejected for existing users

Posted on 2008-10-07
2
2,403 Views
Last Modified: 2009-03-16
I have the same issue as in following question

http://www.experts-exchange.com/Networking/Security/IPSec/Q_22844878.html?sfQueryTermInfo=1+account+ad+authent+exist+failur+radiu

However, I still have the same issue. I have tried the all the steps above but still not working. Following is what I get when successful

User tst@example.com was granted access.
 Fully-Qualified-User-Name = example.com/OU/tst
 NAS-IP-Address = 192.168.240.6
 NAS-Identifier = <not present>
 Client-Friendly-Name = PIX
 Client-IP-Address = 192.168.240.66
 Calling-Station-Identifier = <not present>
 NAS-Port-Type = Virtual
 NAS-Port = 324
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = Windows
 Authentication-Server = <undetermined>
 Policy-Name = PIX
 Authentication-Type = PAP
 EAP-Type = <undetermined>

Following when unsuccessful

User test1@example.com was denied access.
 Fully-Qualified-User-Name = example\test1
 NAS-IP-Address = 192.168.240.6
 NAS-Identifier = <not present>
 Client-Friendly-Name = PIX
 Client-IP-Address = 192.168.240.66
 Calling-Station-Identifier = <not present>
 NAS-Port-Type = Virtual
 NAS-Port = 324
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = Windows
 Authentication-Server = <undetermined>
 Policy-Name = PIX
 Authentication-Type = PAP
 EAP-Type = <undetermined>

What is interesting is when I create a user account (username) on AD with Upper case authentication fail. However, same with lower case authetication successful. Even for existing accounts.
   

0
Comment
Question by:davbouchard
2 Comments
 
LVL 6

Accepted Solution

by:
davbouchard earned 0 total points
ID: 22776060
Issue resolved by configuring the attributes $ to @domain.com
0
 

Expert Comment

by:peterellis
ID: 23896855
davbouchard:,
I have got the same issue as yourself about being denied access due to authentication.
Can you explain in detail what you mean by 'configuring the attributes $ to domain.com'??
What steps did you perform to get authentication to work??
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
DNS Replication 12 68
.dn property wont validate - Powershell 2 22
disable group policy updates Locally on Windows 7 Domain 4 43
Removing Exchange 2003 3 13
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question