ACS and Active Directory

Discussion in 'Cisco' started by Lalo, Apr 28, 2006.

  1. Lalo

    Lalo Guest

    Hello everybody out there using Cisco devices

    I have a problem with an ACS Server Version 4.0 and a Windows Active
    Directory 2003. The architecture that I'm using is:

    a) User (supplicant) presents credentials to an IOS switch via IEEE
    802.1X
    b) The switch (client) forwards credentials to the RADIUS server (ACS 4.0
    / Windows)
    c) The RADIUS server (ACS 4.0 / Windows) forwards credentials to W2003
    Active Directory
    d) The user is denied or granted access to the network depending on the
    case


    I can authenticate users perfectly if they are configured with protocol
    PEAP on their IEEE 802.1X network interface options and Active Directory
    authenticates users with its database.

    I can authenticate users that are configured on the local ACS database.

    But when I configure MD5 Challenge on the supplicants (Windows XP) they
    cannot get access to the network, and in the ACS log files I can read an
    "Auth type not supported by External Database" message.

    I tried enabling reversibly encrypted passwords in the domain but that
    does not work, and I can't authenticate users with MD5 on Active
    Directory.

    Can anybody please help me? This is an issue that I've been working
    on for 1 week and I cannot solve.

    regards Lalo
     
    Lalo, Apr 28, 2006
    #1

  2. Lalo

    thrill5 Guest

    As far as I know this cannot be done because Active Directory does not do
    MD5 passwords (only MS-CHAP.) This is why you are getting "Auth type not
    supported" error message.

    Scott
     
    thrill5, May 1, 2006
    #2
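
An added example, not part of the original thread: the MD5-Challenge response defined in RFC 1994 (reused by EAP-MD5 in RFC 3748) is MD5(identifier || password || challenge), so the verifier must be able to read the password itself. The two backend classes, the SHA-256 stand-in for a one-way password hash, and all sample values are constructed for illustration and do not model ACS or Active Directory internals.

```python
import hashlib
import hmac
import os


def md5_challenge_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP / EAP-MD5 response: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class CleartextStore:
    """Hypothetical backend that can read the password (like a local user database)."""
    def __init__(self, users):
        self._users = dict(users)

    def verify_md5_challenge(self, user, identifier, challenge, response):
        password = self._users.get(user)
        if password is None:
            return False
        expected = md5_challenge_response(identifier, password, challenge)
        return hmac.compare_digest(expected, response)


class HashOnlyStore:
    """Hypothetical backend holding only a one-way hash (SHA-256 as a stand-in)."""
    def __init__(self, users):
        self._hashes = {u: hashlib.sha256(p).digest() for u, p in users.items()}

    def verify_password(self, user, password):
        # Works when the password itself reaches the server: hash it and compare.
        stored = self._hashes.get(user)
        return stored is not None and hmac.compare_digest(
            stored, hashlib.sha256(password).digest())

    def verify_md5_challenge(self, user, identifier, challenge, response):
        # The only stored material is the hash; using it as the CHAP secret
        # yields a digest that cannot match what the supplicant computed.
        stored = self._hashes.get(user)
        if stored is None:
            return False
        expected = md5_challenge_response(identifier, stored, challenge)
        return hmac.compare_digest(expected, response)


def demo():
    users = {"alice": b"Constructed-Passw0rd"}      # constructed sample account
    identifier, challenge = 7, os.urandom(16)       # values the server would send
    response = md5_challenge_response(identifier, users["alice"], challenge)
    hashed = HashOnlyStore(users)
    return {"cleartext_md5": CleartextStore(users).verify_md5_challenge(
                "alice", identifier, challenge, response),
            "hash_only_md5": hashed.verify_md5_challenge(
                "alice", identifier, challenge, response),
            "hash_only_password": hashed.verify_password("alice", users["alice"])}
```
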