From: Sadiq Yakasai (sadiqtanko@gmail.com)
Date: Mon Feb 09 2009 - 08:14:40 ARST
Scott and Darby, I couldn't agree with you more on that! But back to why we
are here as techies ... :-)
Edourd,
I am confident this is not a bug to do with ACS at all!
Going through the documentation of your VASCO server, this server is meant
to sit **between your AAA client (authenticator, switch) and ACS**! However,
it seems you have placed the VASCO server *behind* your AAA server! It is
only when you configure TACACS that you have it behind the AAA server.
From what I am seeing, this VASCO server should be caching/sniffing the
system for users on the network. AND it does not speak RADIUS with ACS. All
it seems to do is proxy RADIUS between the switch and ACS. Hence what you
see:
"PC-USER can not log-in with 802.1x. I have used EAP-MD5 and PEAP w/o luck.
The message I get inside the ACS is that user is not sending the right
password: "External DB password invalid". The interesting thing is that the
packet never leaves the ACS to go to the Vasco Server."
So, if you can reconfigure your setup correctly, I am confident you will see
some level of progress there :-)
HTH,
Sadiq
This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:44:10 ARST