I have a strange situation with Microsoft NPS.
I have a C5210 controller with 802.1x auth configured over Captive Portal. The task was to configure 802.1x auth using MS Active Directory; the domain name is "abc.def.local". I mean, I have users in both the "abc" domain and in "def". At the moment everything works for the "abc" domain, but doesn't work for "def".
By default, when I input just "username" and "password" (without ABC\username) at Captive Portal, controller sends it to NPS and it accepts these inputs for domain "abc". Access granted, voila!
But when I need to authenticate users in the "def" domain, something goes wrong. At Captive Portal I input "DEF\username" and password, then the controller sends it to NPS. I can see in the NPS log that it came to NPS correctly. But NPS says "access denied". The password is OK, the account is not locked. This NPS server also acts as RADIUS for Cisco WLC, and this user can be authenticated over Cisco WLC!!!
I've spent several hours checking NPS log and found out that using C5120 the only difference for users in ABC domain and DEF domain is the following:
in case of DEF the System ID field is empty. How does it happen? This is part of NPS log:
Security ID: NULL SID
User name: def\ivan
Username domain: DEF
Full username: DEF\ivan
Could you please share any ideas on how the problem could be resolved?
Many thanks in advance,