On my Windows XP Pro SP2 laptop with KB917021 and KB893357 that has a working 802.1x setup, I intentionally entered a wrong password for my AD account and locked it out. Searched the IAS logs, saw a bunch of Reason-Code 16 (IAS_AUTH_FAILURE), then I saw the Reason-Code 36. Maybe it's something on the client end?

----- Original Message ----- From: "Howd, Walt" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Thursday, March 06, 2008 5:35 PM
Subject: Re: [WIRELESS-LAN] IAS Logging


We have a similar setup (Cisco LWAPP environment, controllers logging to
IAS) and have seen the same issue. If you find anything useful, I would
be interested.

________________________________

Walt Howd
Network Systems Admin
Information Technology Services
Truman State University
SunGard Higher Education
Managed Services
100 East Normal Street
Kirksville, MO 63501
[EMAIL PROTECTED]


-----Original Message-----
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED]] On Behalf Of Craig Pluchinsky
Sent: Thursday, March 06, 2008 3:12 PM
To: [email protected]
Subject: [WIRELESS-LAN] IAS Logging

Currently we have an 802.1x wireless network set up with Cisco APs, Cisco
Wireless LAN Controllers and Microsoft IAS as our RADIUS server. We are
seeing issues where a user's Active Directory account is being locked out
because of too many incorrect password attempts. This is being logged in
the security event log on the server but not in the IAS logs. The
security event log does not show a MAC address or machine name. IAS
should be logging a Reason-Code 36 IAS_ACCOUNT_LOCKED_OUT in the IAS log.
The problem is the client looks like it is incorrectly configured, so it
keeps trying to authenticate every few seconds, keeping the user's Active
Directory account locked out. We then have to track down the MAC address
either with a packet sniffer or find it in WCS and add it to the disabled
clients list on the controllers to keep it from repeatedly trying to
connect and locking the Active Directory account out. Any ideas as to why
IAS is not logging this error? If it logged in the IAS logs we could then
get the MAC address from the Calling-Station-ID.

-------------------------------
Craig Pluchinsky
IT Services
Indiana University of Pennsylvania

**********
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.
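
An added example, not part of the original thread: a Python script that tallies Access-Reject records per user and Calling-Station-ID, so the client that keeps retrying can be identified from the Reason-Code 16 and 36 entries discussed above. It assumes the log is in IAS format (six header fields followed by attribute-id,value pairs) with attribute ids 31, 4136 and 4142; the sample lines, names and threshold are constructed.

```python
import csv
from collections import Counter

# Assumed IAS-format layout: six header fields, then attribute-id,value pairs.
HEADER = ("nas_ip", "user", "date", "time", "service", "computer")
# Assumed attribute ids: 31 Calling-Station-Id, 4136 Packet-Type, 4142 Reason-Code
CALLING_STATION_ID, PACKET_TYPE, REASON_CODE = "31", "4136", "4142"
# Packet-Type 3 = Access-Reject; 16 and 36 are the reason codes named in the thread
ACCESS_REJECT, AUTH_FAILURE, ACCOUNT_LOCKED_OUT = "3", "16", "36"

# Constructed sample records, not taken from a real server.
SAMPLE_LOG = """\
10.0.0.5,jdoe,03/06/2008,15:01:02,IAS,RADIUS1,31,00-11-22-33-44-55,4136,1,4142,0
10.0.0.5,jdoe,03/06/2008,15:01:02,IAS,RADIUS1,31,00-11-22-33-44-55,4136,3,4142,16
10.0.0.5,jdoe,03/06/2008,15:01:07,IAS,RADIUS1,31,00-11-22-33-44-55,4136,3,4142,16
10.0.0.5,asmith,03/06/2008,15:01:09,IAS,RADIUS1,31,66-77-88-99-AA-BB,4136,3,4142,16
10.0.0.5,jdoe,03/06/2008,15:01:12,IAS,RADIUS1,31,00-11-22-33-44-55,4136,3,4142,16
10.0.0.5,jdoe,03/06/2008,15:01:17,IAS,RADIUS1,31,00-11-22-33-44-55,4136,3,4142,36
"""


def parse_record(fields):
    """Split one IAS-format row into header fields plus an attribute dict."""
    record = dict(zip(HEADER, fields[:6]))
    record["attrs"] = dict(zip(fields[6::2], fields[7::2]))
    return record


def reject_sources(log_text, threshold=3):
    """Map (user, station) -> failure count and lockout flag, for pairs with
    at least `threshold` rejects carrying Reason-Code 16 or 36."""
    failures, locked = Counter(), set()
    for fields in csv.reader(log_text.splitlines()):
        if len(fields) < 6:
            continue  # blank or truncated row
        rec = parse_record(fields)
        reason = rec["attrs"].get(REASON_CODE)
        if (rec["attrs"].get(PACKET_TYPE) != ACCESS_REJECT
                or reason not in (AUTH_FAILURE, ACCOUNT_LOCKED_OUT)):
            continue
        key = (rec["user"], rec["attrs"].get(CALLING_STATION_ID, "unknown"))
        failures[key] += 1
        if reason == ACCOUNT_LOCKED_OUT:
            locked.add(key)
    return {k: {"failures": n, "locked_out": k in locked}
            for k, n in failures.items() if n >= threshold}


if __name__ == "__main__":
    for (user, station), info in reject_sources(SAMPLE_LOG).items():
        print(user, station, info)
```

Because the Reason-Code 16 rejects carry the same Calling-Station-ID, the tally still points at the retrying station when no Reason-Code 36 record appears in the log.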
