On my windows xp pro sp2 laptop with KB917021 and KB893357 that has a
working 802.1x setup I intentionally entered a wrong password for my AD
account and locked it out. Searched the IAS logs saw a bunch of
Reason-Code16 (IAS_AUTH_FAILURE) then I saw the Reason-Code 36. Maybe it's
something on the client end?
----- Original Message -----
From: "Howd, Walt" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Thursday, March 06, 2008 5:35 PM
Subject: Re: [WIRELESS-LAN] IAS Logging
We have a similar setup (Cisco LWAPP environment, controllers logging to
IAS) and have seen the same issue. If you find anything useful, I would
be interested.
________________________________
Walt Howd
Network Systems Admin
Information Technology Services
Truman State University
SunGard Higher Education
Managed Services
100 East Normal Street
Kirksville, MO 63501
[EMAIL PROTECTED]
-----Original Message-----
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Craig
Pluchinsky
Sent: Thursday, March 06, 2008 3:12 PM
To: [email protected]
Subject: [WIRELESS-LAN] IAS Logging
Currently we have an 802.1x wireless network setup with Cisco APs, Cisco
Wireless Lan Controllers and Microsoft IAS as our RADIUS server. We are
seeing issues where a users active directory account is being locked out
because of too many incorrect password attempts. This is being logged
in
the security event log on the server but not in the IAS logs. The
security
event log does not show a mac address or machine name. IAS should be
logging a Reason-Code 36 IAS_ACCOUNT_LOCKED_OUT in the IAS log. The
problem
is the client looks like it is incorrectly configured so it keeps trying
to
authenticate every few seconds keeping the users active directory
account
locked out. We then have to track down the mac address either with a
packet
sniffer or find it in WCS and add it to the disabled clients list on the
controllers to keep it from repeatedly trying to connect and locking the
active directory account out. Any ideas as to why IAS is not logging
this
error? If it logged in the IAS logs we could then get the mac address
from
the Calling-Station-ID.
-------------------------------
Craig Pluchinsky
IT Services
Indiana University of Pennsylvania
**********
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.
**********
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
