RE: IAS authorization against AD groups without authentication
- From: Niall Inglis <NiallInglis@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 29 Oct 2008 08:26:11 -0700
I've come up with another problem. Each AAA request from the Cisco involves
two RADIUS interactions, one for authentication and one for what I assume is
authorisation.
When I send through a RADIUS-REQUEST for authentication and pass a valid
username and password, IAS finds the account object, authenticates me and
gives me RADIUS-ACCEPT.
When I send the same username string through for authorisation the IAS
server doesn't seem to find the account, it takes a guess and derives a
DOMAIN/ID format FQDN (which it gets correct) and then returns a
RADIUS-REJECT.
The only way I can successfully connect is to get the NAS to ignore the
authorisation stage.
"Niall Inglis" wrote:
Hi,.
snip
- References:
- IAS authorization against AD groups without authentication
- From: Niall Inglis
- IAS authorization against AD groups without authentication
- Prev by Date: IAS authorization against AD groups without authentication
- Next by Date: RE: 802.1X configuration for IAS and Cisco WLC 4402
- Previous by thread: IAS authorization against AD groups without authentication
- Next by thread: RE: 802.1X configuration for IAS and Cisco WLC 4402
- Index(es):
Relevant Pages
|
Loading
