Cisco Secure ACS 4.2 Radius and Active Directory - Problem with getting ACS to use AD as an external Database
Posted on 2008-10-16
I am setting up a Cisco Secure ACS 4.2 server to act as a radius server for EAP (LEAP and PEAP) authentication on Aironet 1230 Access points. I am using Windows 2003 server for the ACS, and a Windows 2003 Active Directory server. The AD server is fine, as it is used for many other things.
I have set up ACS as defined in the installation guide, including all the steps in the 'Member Server' section of the install guide when using AD as an external database (i.e. setting up the services to run with a domain admin account, setting up a machine called 'CISCO' on the domain, etc.).
I've set the unknown user policy to use the Windows database if the internal database doesn't contain the user details.
If I add a user to the internal database, the authentication goes through fine, with an entry in the 'Passed Authentications' log, and the wireless user is authenticated to the WLAN. However, I don't want to use the internal database - I want to use AD to authenticate users. If I use an AD username and password, the user doesn't get authenticated, and I get 'Internal error' in the Failed Attempts log.
If I check the RADIUS log on ACS, I get the line:
RDS 10/16/2008 11:04:04 E 2996 5556 0x0 Error UDB_NT_UNKNOWN_ERR authenticating (username here) - no response sent to NAS
I've scoured Google etc., and just cannot come up with any reason why this should be happening. I've followed all the install guides to the letter. I need to get this up and running as soon as possible, so am looking forward to finding out if anyone can help me with this one!
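A small parser for CSRadius (RDS) log lines in the layout shown in the post, added here as an example (not code from the original post or from Cisco): it pulls out the UDB_* error code and the username from each error line and flags entries where no response was sent to the NAS, which is why the wireless client sees a timeout rather than a clean reject. The sample log lines and usernames are constructed to match the format quoted above.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# One RDS line, as quoted in the post:
# <component> <date> <time> <severity> <pid> <tid> <hex> <message>
RDS_LINE = re.compile(
    r"^(?P<component>\w+)\s+(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<severity>[A-Z])\s+(?P<pid>\d+)\s+(?P<tid>\d+)\s+(?P<hex>0x[0-9a-fA-F]+)\s+(?P<message>.*)$"
)
ERR_CODE = re.compile(r"\b(UDB_[A-Z0-9_]+)\b")      # e.g. UDB_NT_UNKNOWN_ERR
USER = re.compile(r"authenticating\s+(?P<user>\S+)")

@dataclass
class AuthFailure:
    timestamp: str
    error_code: str
    user: Optional[str]
    response_sent: bool   # False when ACS dropped the request silently

def parse_line(line: str) -> Optional[AuthFailure]:
    """Return an AuthFailure for an error (severity 'E') line carrying a UDB_* code, else None."""
    m = RDS_LINE.match(line.strip())
    if not m or m.group("severity") != "E":
        return None
    msg = m.group("message")
    code = ERR_CODE.search(msg)
    if not code:
        return None
    u = USER.search(msg)
    return AuthFailure(
        timestamp=f"{m.group('date')} {m.group('time')}",
        error_code=code.group(1),
        user=u.group("user") if u else None,
        response_sent="no response sent to NAS" not in msg,
    )

def summarize(lines):
    """Group failures by UDB_* code and count the ones the NAS never got an answer for."""
    failures = [f for f in map(parse_line, lines) if f]
    by_code = Counter(f.error_code for f in failures)
    silent = sum(1 for f in failures if not f.response_sent)
    return failures, by_code, silent

# Constructed sample lines in the format quoted in the post (usernames are placeholders).
SAMPLE_LOG = [
    "RDS 10/16/2008 11:04:04 E 2996 5556 0x0 Error UDB_NT_UNKNOWN_ERR authenticating alice - no response sent to NAS",
    "RDS 10/16/2008 11:05:10 E 2996 5556 0x0 Error UDB_NT_UNKNOWN_ERR authenticating bob - no response sent to NAS",
    "RDS 10/16/2008 11:05:11 I 2996 5556 0x0 constructed informational line, not an error",
    "this line is not in RDS format at all",
]

if __name__ == "__main__":
    failures, by_code, silent = summarize(SAMPLE_LOG)
    for f in failures:
        print(f.timestamp, f.error_code, f.user, "silent" if not f.response_sent else "answered")
    print(dict(by_code), "silent:", silent)
```

Running it over a real RDS log tells you how many external-database failures are being dropped without a RADIUS reply, which is the symptom that matches the 'Internal error' entries in the Failed Attempts log.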