I think it might be something in the client AP combination, we use HP420, and Proxim 4000 AP's with IAS for radius and many different supplicants, from XP to openSEA, we have an account lockout policy but ours just challenges for the correct password, and records the event in event viewer....
________________________________ From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Rick Coloccia Sent: Fri 3/7/2008 5:23 AM To: [email protected] Subject: Re: [WIRELESS-LAN] IAS Logging In your IAS administration tools applet, when you open select "Remote Access Logging" on the left, and then right click on Local File and select properties, do you have all 3 options checked? I do and I get all sorts of information, including mac addresses. I don't have accounts getting locked out (yet) but I get mac address in there for machines trying to join networks they aren't permitted in. -Rick Howd, Walt wrote: > We have a similar setup (Cisco LWAPP environment, controllers logging to > IAS) and have seen the same issue. If you find anything useful, I would > be interested. > > ________________________________ > > Walt Howd > Network Systems Admin > Information Technology Services > Truman State University > SunGard Higher Education > Managed Services > 100 East Normal Street > Kirksville, MO 63501 > [EMAIL PROTECTED] > > > -----Original Message----- > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:[EMAIL PROTECTED] On Behalf Of Craig > Pluchinsky > Sent: Thursday, March 06, 2008 3:12 PM > To: [email protected] > Subject: [WIRELESS-LAN] IAS Logging > > Currently we have an 802.1x wireless network setup with Cisco APs, Cisco > > Wireless Lan Controllers and Microsoft IAS as our RADIUS server. We are > > seeing issues where a users active directory account is being locked out > > because of too many incorrect password attempts. This is being logged > in > the security event log on the server but not in the IAS logs. The > security > event log does not show a mac address or machine name. IAS should be > logging a Reason-Code 36 IAS_ACCOUNT_LOCKED_OUT in the IAS log. The > problem > is the client looks like it is incorrectly configured so it keeps trying > to > authenticate every few seconds keeping the users active directory > account > locked out. We then have to track down the mac address either with a > packet > sniffer or find it in WCS and add it to the disabled clients list on the > > controllers to keep it from repeatedly trying to connect and locking the > > active directory account out. Any ideas as to why IAS is not logging > this > error? If it logged in the IAS logs we could then get the mac address > from > the Calling-Station-ID. > > ------------------------------- > Craig Pluchinsky > IT Services > Indiana University of Pennsylvania > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. > -- Rick Coloccia, Jr. Network Manager State University of NY College at Geneseo 1 College Circle, 119 South Hall Geneseo, NY 14454 V: 585-245-5577 F: 585-245-5579 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
