locked
IAS Logging RRS feed

  • Question

  • We are currently running an 802.1x wireless network using Cisco Wireless Lan Controllers and IAS as our RADIUS server.  We are having issues with certain things not being logged in the IAS logs.  An example is if a user keeps trying to login with an incorrect password X number of times their active directory account becomes locked out.  The security event log on the IAS server shows the account lockout but the IAS log does not show a Reason-Code 36 IAS_ACCOUNT_LOCKED_OUT.  Problem is the client keeps trying to connect and keeps locking the users active directory account out and we need some type of identifier like a mac address to deny it access to the wireless network until we can get the client setup issue resolved.
    Thursday, March 6, 2008 8:51 PM

Answers

  • what you mention as IAS logs is the event viewer logs (or) Text/SQL log? Is that no response is sent by IAS? (or) access reject is sent with different reason code? Is the requirement is to deny access to a particular user? To deny based on the MAC address, MAC address needs to be sent as calling station ID attribute and verify caller ID option for that user account in AD needs to be configured with that MAC address and deny dialin access needs to be set.

    Thursday, May 1, 2008 10:18 PM