Currently we have an 802.1x wireless network setup with Cisco APs, Cisco
Wireless LAN Controllers and Microsoft IAS as our RADIUS server. We are
seeing issues where a user's Active Directory account is being locked out
because of too many incorrect password attempts. This is being logged in
the security event log on the server but not in the IAS logs. The security
event log does not show a MAC address or machine name. IAS should be
logging a Reason-Code 36 IAS_ACCOUNT_LOCKED_OUT in the IAS log. The problem
is the client looks like it is incorrectly configured, so it keeps trying to
authenticate every few seconds, keeping the user's Active Directory account
locked out. We then have to track down the MAC address either with a packet
sniffer or find it in WCS and add it to the disabled clients list on the
controllers to keep it from repeatedly trying to connect and locking the
Active Directory account out. Any ideas as to why IAS is not logging this
error? If it logged in the IAS logs, we could then get the MAC address from
the Calling-Station-ID.
-------------------------------
Craig Pluchinsky
IT Services
Indiana University of Pennsylvania
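
Added example, not part of the original post: one way to pull the Calling-Station-ID out of IAS-format log records, counting Access-Rejects per user and MAC so a looping client also shows up when no Reason-Code 36 record is written. It assumes the comma-separated IAS log format with attribute IDs 31, 4136 and 4142; the sample records and the `rejecting_clients` name are constructed for illustration.

```python
import csv
from collections import defaultdict

# IAS-format records: six fixed header fields, then attribute-id,value pairs.
CALLING_STATION_ID = "31"  # on 802.1X wireless this carries the client MAC
PACKET_TYPE = "4136"       # value 3 = Access-Reject
REASON_CODE = "4142"       # value 36 = IAS_ACCOUNT_LOCKED_OUT
ACCESS_REJECT = "3"
LOCKED_OUT = "36"

# Constructed sample records (hypothetical users, MACs and server names).
SAMPLE_LOG = """\
10.1.1.5,jdoe,03/02/2009,10:15:01,IAS,RADIUS1,31,00-1A-2B-3C-4D-5E,4136,1,4142,0
10.1.1.5,jdoe,03/02/2009,10:15:01,IAS,RADIUS1,31,00-1A-2B-3C-4D-5E,4136,3,4142,16
10.1.1.5,jdoe,03/02/2009,10:15:06,IAS,RADIUS1,31,00-1A-2B-3C-4D-5E,4136,3,4142,16
10.1.1.5,jdoe,03/02/2009,10:15:11,IAS,RADIUS1,31,00-1A-2B-3C-4D-5E,4136,3,4142,16
10.1.1.5,jdoe,03/02/2009,10:15:16,IAS,RADIUS1,31,00-1A-2B-3C-4D-5E,4136,3,4142,36
10.1.1.6,asmith,03/02/2009,10:16:00,IAS,RADIUS1,31,00-AA-BB-CC-DD-EE,4136,3,4142,16
10.1.1.6,bwhite,03/02/2009,10:17:00,IAS,RADIUS1,31,00-11-22-33-44-55,4136,2,4142,0
"""


def rejecting_clients(lines, min_rejects=3):
    """Return {(user, mac): {"rejects": n, "reasons": {...}}} for clients that
    were locked out (Reason-Code 36) or rejected at least min_rejects times."""
    stats = defaultdict(lambda: {"rejects": 0, "reasons": set()})
    for row in csv.reader(lines):
        if len(row) < 6:
            continue  # blank or truncated line
        attrs = dict(zip(row[6::2], row[7::2]))  # pair up id,value fields
        if attrs.get(PACKET_TYPE) != ACCESS_REJECT:
            continue
        key = (row[1], attrs.get(CALLING_STATION_ID, "unknown"))
        stats[key]["rejects"] += 1
        stats[key]["reasons"].add(attrs.get(REASON_CODE, "?"))
    return {k: v for k, v in stats.items()
            if LOCKED_OUT in v["reasons"] or v["rejects"] >= min_rejects}


if __name__ == "__main__":
    for (user, mac), info in rejecting_clients(SAMPLE_LOG.splitlines()).items():
        print(user, mac, info["rejects"], sorted(info["reasons"]))
```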