Cannot get iLOM to authenticate against Active Directory

I'm hoping it is some sort of configuration mistake, I'll happily take the fall for misconfiguration, if it solves my issue.
We have a number of different Sun systems we just purchased, and LOVE the iLOM capabilities. Unfortunately, we have not been able to configure the Active Directory authentication properly. We've gotten the RADIUS auth to work, but since it doesn't have any extensible groups, there's no way to cleanly divide folks up. Have read the User's Guide extensively, and tried multiple variations on the LDAP configuration of the Active Directory AdminGroup settings, with no luck.
I have verified the iLOM unit is reaching the AD server. I have captured communications, but since it's encrypted, I can't see where the fault lies. The clocks are certainly within 5 minutes of each other, so it's not a Kerberos time issue. The 'Trace' level of logging doesn't seem to include much info to me, but here is what is captured:
2008-07-29 14:26:14     Local0.Warning     10.40.5.7     logmgr: ID = 1366 : Tue Jul 29 14:27:42 2008 : ActDir : Log : minor : (ActDir) module loaded, MOD-VER:Tue Jun 3 07:53:02 CST 2008
2008-07-29 14:26:14     Local0.Critical     10.40.5.7     logmgr: ID = 1367 : Tue Jul 29 14:27:42 2008 : ActDir : Log : critical : (ActDir) _BindAUser: bind error. -1:-1, Can't contact LDAP server. Check cert-file, network connectivity, local date/time
2008-07-29 14:26:14     Local0.Critical     10.40.5.7     logmgr: ID = 1368 : Tue Jul 29 14:27:42 2008 : ActDir : Log : critical : (ActDir) _BindAUser: bind error. -1:-1, Can't contact LDAP server. Check cert-file, network connectivity, local date/time
2008-07-29 14:26:14     Local0.Error     10.40.5.7     logmgr: ID = 1369 : Tue Jul 29 14:27:42 2008 : ActDir : Log : major : (ActDir) ServerUserAuth - Error 0, error binding user to ActiveDirectory server
2008-07-29 14:26:15     Local0.Error     10.40.5.7     logmgr: ID = 1370 : Tue Jul 29 14:27:42 2008 : ActDir : Log : major : (ActDir) server-authenticate: auth-error idx 0 server x.x.x.x
2008-07-29 14:26:15     Local0.Critical     10.40.5.7     logmgr: ID = 1371 : Tue Jul 29 14:27:42 2008 : ActDir : Log : critical : (ActDir) authentication status: auth-ERROR
2008-07-29 14:26:17     Local0.Warning     10.40.5.7     logmgr: ID = 1372 : Tue Jul 29 14:27:45 2008 : Audit : Log : minor : cleverlyc : Open Session : object = /session/type : value = www : error
We have no certificates, and do not plan on using any (for quite some time). I cannot find any errors, notifications, or other data on the AD server, showing any sort of error/misrepresented credentials etc.
Any ideas/help?
Thanks!!

Looks like this seems to be a common issue as I am having the same issue using current iLOM release.
SP Firmware Version 2.0.2.10
SP Firmware Build Number 35249
SP Firmware Date Wed Jul 23 22:40:58 PDT 2008
SP Filesystem Version 0.1.14
Additional information I can provide: when reviewing the security logs on the DC, I see no attempt of any creds being used.
Edited by: evil_bobster on Sep 22, 2008 10:50 AM

Similar Messages

  • Cisco ISE (Authentication failed: 24415 User authentication against Active Directory failed since user's account is locked out)

    Hi,
    I have a setup with ISE 1.1.1. Users are getting authenticated against AD. Everything is working fine except some users report disconnection. I see in the ISE that (Authentication failed: 24415 User authentication against Active Directory failed since user's account is locked out). Users are using Windows 7 OS.
    Error is enclosed & here is the port configuration.
    Port Configuration.
    interface GigabitEthernet0/2
    switchport access vlan 120
    switchport mode access
    switchport voice vlan 121
    authentication event fail action next-method
    authentication event server dead action reinitialize vlan 120
    authentication event server alive action reinitialize
    authentication host-mode multi-auth
    authentication order mab dot1x
    authentication priority dot1x mab
    authentication port-control auto
    authentication periodic
    authentication timer reauthenticate server
    mab
    dot1x pae authenticator
    dot1x timeout tx-period 60
    spanning-tree portfast
    ip dhcp snooping limit rate 30
    Please help.

    The error message means that the Active Directory server rejected the authentication attempt
    because, for some reason, the user account got locked. I guess you should ask your AD team to check in the AD
    event logs why the user account got locked.
    You can find it out under Event Viewer.
    Regards
    Minakshi (Do rate the helpful posts)

  • Cannot find the object "CrossRef" in Active Directory

    I am trying to install Lync 2013. I'm getting the following error:
    Error: An error occurred: "Microsoft.Rtc.Management.Deployment.ActiveDirectoryException" "Cannot find the object "CrossRef" in Active Directory."
    WARNING: Enable-CSAdForest failed.
    This error is at "Step 3: Prepare Current Forest" of the install.

    I've tried to run the forest prep as a local domain and I get the following:
    Creating new log file "C:\Users\administrator.xxx\AppData\Local\Temp\2\Enable-CSAdForest-052cfe14-7f42-4969-88da-83279413ab8c.xml".
    Enable the Active Directory forest to host Lync Server 2013 deployments.
    Prepare Forest Active Directory settings execution failed on an unrecoverable error.
    Creating new log file "C:\Users\administrator.xxx\AppData\Local\Temp\2\Enable-CSAdForest-[2013_05_30][13_25_56].html".
    WARNING: Enable-CSAdForest failed.
    WARNING: Detailed results can be found at "C:\Users\administrator.xxx\AppData\Local\Temp\2\Enable-CSAdForest-[2013_05_30][13_25_56].html".
    Command execution failed: Container CN=Microsoft,CN=Program Data,DC=xxx,DC=local not found

  • Cisco ISE Failure: 24408 User authentication against Active Directory failed since user has entered the wrong password

    Hi,
    Since we implemented Cisco ISE we receive the following failure on several Notebooks:
    Authentication failed : 24408 User authentication against Active Directory failed since user has entered the wrong password
    This happens 2 or 3 times per Day. So basically the authentications are working. But when the failure appears, the connection is lost for a short time.
    The Clients are using PEAP(EAP-MSCHAPv2) for Authentication. We've got a Cisco Wireless Environment (WLC 5508).
    Why is this happening?
    Thanks,
    Marc

    The possible causes of this error message are:
    1.] If the end user entered an incorrect username.
    2.] The shared secret between WLC and ISE is mismatched. With this we'll see continuous failed authentication.
    3.] As long as a PSN is not receiving a response from the supplicant within this limit during an EAP conversation, it will throw this error code. In the majority of cases it says EAP session timed out.
    In your case, the 3rd option seems to be the closest one.
    Jatin Katyal
    - Do rate helpful posts -

  • How to authenticate using Active directory!

    Hi all!
    At present I'm using the code given below; it's working fine! Currently we are using mixed mode Active Directory! We are going to migrate that to native mode!
    import java.util.Properties;
    import javax.naming.*;
    import javax.naming.directory.*;
    import java.io.*;
    import java.util.Vector;

    public class LdapAuthentication { // Servlet extends HttpServlet
        private java.util.Hashtable cache = new java.util.Hashtable();

        /**
         * Authenticates a user with an LDAP simple bind.
         * @param loginid
         * @param passwrd
         * @return boolean
         */
        public boolean authenticate(String loginid, String passwrd) {
            // Reject an empty password before attempting the bind.
            if (passwrd.trim().equalsIgnoreCase(""))
                return false;
            Properties props = new Properties();
            String ldapHost = "ldap://HDCQ3Q5CDOM01:389";
            String DN =
                "CN="
                    + loginid.trim() + "DN=,CN=Users,DC=pslsdc,DC=legacy,DC=r5,DC=websi,DC=net";
            System.out.println("DN: " + DN);
            // The factory class name must be passed as a string.
            props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            props.put(Context.SECURITY_AUTHENTICATION, "simple");
            props.put(Context.SECURITY_CREDENTIALS, passwrd);
            props.put(Context.SECURITY_PRINCIPAL, DN);
            props.put(Context.PROVIDER_URL, ldapHost);
            try {
                // Creating the context performs the bind; success means the credentials were accepted.
                DirContext ctx = new InitialDirContext(props);
                ctx.close(); // release the connection
                System.out.println("successfully authenticate DN: " + DN);
                return true;
            } catch (Exception ex) {
                System.out.println(ex + loginid);
                try {
                    throw new Exception("login failure : " + ex + loginid);
                } catch (Exception e) {
                    e.printStackTrace();
                }
                return false;
            }
        }
    }
    When I try to connect to the new Active Directory, I'm unable to authenticate; a user not found error is coming! (data 525)
    I'm unable to continue!
    I tried changing the DN to : [email protected]
    also DN: mydomain\vijayvignesh
    then I'm getting this error:
    java.lang.Exception: istar login failure : javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C09018A, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, vece
    I almost tried everything!
    If anyone can find a solution, please do come forward!
    Remember, my code works fine in mixed mode Active Directory; when we shift that to native mode, it is not working!

    If you would read the Active Directory error message, it actually gives you a hint:
    "The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection"
    There was a security feature introduced in Windows Server 2003 that would allow administrators to only allow connections over encrypted sessions (eg. SSL/TLS or Kerberos signing and sealing). This setting is configured somewhere in the Domain Controller's Group Policy, called something like "LDAP Server signing"
    One solution is to use SSL/TLS. Refer to my previous post titled "JNDI, Active Directory & Authentication (part 2) (SSL)" at
    http://forum.java.sun.com/thread.jspa?threadID=581425&tstart=50
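The SSL/TLS route suggested in the reply above, written as a JNDI simple bind over LDAPS with a decoder for the two error strings quoted in the question. This is an added example, not code from either poster; the host name, UPN suffix, class name and the second sample message are constructed assumptions.

```java
import java.util.Hashtable;
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class AdLdapsBind {
    // Assumptions for illustration (not from the thread): DC host name and UPN suffix.
    static final String LDAPS_URL = "ldaps://dc01.example.test:636";
    static final String UPN_SUFFIX = "@example.test";

    private static final Pattern RESULT_CODE = Pattern.compile("error code (\\d+)");
    private static final Pattern AD_DATA = Pattern.compile("\\bdata ([0-9a-fA-F]+)\\b");

    /** Maps the message of a failed bind against AD to a diagnosis for the server log. */
    static String diagnose(String message) {
        if (message == null) {
            return "no detail returned";
        }
        Matcher rc = RESULT_CODE.matcher(message);
        int code = rc.find() ? Integer.parseInt(rc.group(1)) : -1;
        Matcher data = AD_DATA.matcher(message);
        String sub = data.find() ? data.group(1).toLowerCase(Locale.ROOT) : "";
        if (code == 8) {
            return "strongAuthRequired: the DC refuses a simple bind on a cleartext "
                 + "connection; bind over LDAPS or use a signed SASL bind";
        }
        if (code != 49) {
            return "LDAP result code " + code + " (not a credential failure)";
        }
        switch (sub) { // AD sub-codes reported with result 49 (invalidCredentials)
            case "525": return "user not found: the principal does not resolve in this domain";
            case "52e": return "invalid credentials";
            case "530": return "logon not permitted at this time";
            case "531": return "logon not permitted from this workstation";
            case "532": return "password expired";
            case "533": return "account disabled";
            case "701": return "account expired";
            case "773": return "user must reset password";
            case "775": return "account locked out";
            default:    return "invalidCredentials, AD sub-code " + sub;
        }
    }

    /** Simple bind over TLS. The caller only learns true/false; the reason stays in the log. */
    static boolean authenticate(String loginId, String password) {
        // A simple bind with a name and an empty password is an unauthenticated bind,
        // which a server may accept as anonymous. Reject it before contacting the DC.
        if (loginId == null || loginId.trim().isEmpty()
                || password == null || password.isEmpty()) {
            return false;
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAPS_URL); // ldaps:// so the password never crosses in clear
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        // userPrincipalName form avoids guessing which container holds the user.
        env.put(Context.SECURITY_PRINCIPAL, loginId.trim() + UPN_SUFFIX);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000");
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env); // constructing the context performs the bind
            return true;
        } catch (NamingException ex) {
            String who = loginId.replaceAll("[\\r\\n]", "_"); // keep the log line intact
            System.err.println("bind failed for " + who + ": " + diagnose(ex.getMessage()));
            return false;
        } finally {
            if (ctx != null) {
                try { ctx.close(); } catch (NamingException ignored) { }
            }
        }
    }

    public static void main(String[] args) {
        // First message is the one quoted in the question; the second is constructed
        // (placeholder DSID) to show the "data 525" case the poster mentions.
        String[] samples = {
            "[LDAP: error code 8 - 00002028: LdapErr: DSID-0C09018A, comment: The server "
          + "requires binds to turn on integrity checking if SSL\\TLS are not already "
          + "active on the connection, data 0, vece]",
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-00000000, comment: "
          + "AcceptSecurityContext error, data 525, vece]"
        };
        for (String s : samples) {
            System.out.println(diagnose(s));
        }
    }
}
```

`main` only exercises the decoder; `authenticate` needs a reachable domain controller whose LDAPS certificate chains to a CA in the JVM trust store.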

  • How to set up authentication against Active Directory using custom account

    Hi All,
    Our development BPC server (version 7.0.112, MSSQL Server 2005) was installed using a local user in domain X. It is a single-server installation (meaning all services were installed on that server). The dev server always has the latest data/users by restoring the production backup on the dev server. For testing purpose, I need to allow a user of domain X to log in and do a testing.
    Is there a way to configure the dev server to authenticate against an Active Directory in domain X using a special user in the domain X? If yes, how can I configure the dev server?
    Thanks.

    The installation user must be a domain user with rights to browse domain X.
    Otherwise you are not able to add users from the domain.
    In your case the installation was done with a local user, which means you will not be able to use domain users.
    A workaround can be to change the identity of 2 COM+ components to a domain user instead of that local user.
    Anyway, I don't advise you to do this. It will be better to reinstall the dev server using a domain user.
    The COM+ components which have to be changed are:
    OsoftAdminServer
    OsoftUserManage
    Attention: the domain user used must be added to the administrator group of the BPC server and must also have sys admin rights on SQL Server.
    I hope this will help you.
    Regards
    Sorin Radulescu

  • Can OS X 10.9 Authenticate An Active Directory User From A Different Trusted Forest

    I am able to authenticate with an AD account from a different trusted domain in the same forest as the domain the client is bound to on OS X 10.9. An AD account from a trusted domain in a separate forest cannot authenticate on the same client. The same AD account from the same external trusted domain in the same external forest can authenticate to a Windows 7 client bound to the same domain as the Mac client. It seems that OS X is incapable of cross forest authentication. It seems as though the directory services search path only includes the forest of the domain the client is bound to. Windows clients seem to be able to handle the referral process to a different forest, but a Mac client does not. Am I correct in this assumption? Has anyone accomplished cross forest authentication on an OS X client? If so, how? If not, what is the reason this can't be done?

    Well, I’ve made some encouraging progress.
    I’ve managed to log on!
    I deleted /var/db/.AppleSetupDone while booted into the recovery volume. I then created a new local admin user and, after a much longer than usual delay, got through the account creation stuff and arrived at last in the Finder, which was sluggish as heck.
    Checked user accounts, and according to system prefs they’re all there. Fired up Activity monitor and found that opendirectoryd was consuming 365%-405% CPU.
    I unbound the system from our Active Directory domain, not really expecting it to work but it did. cpu load dropped to nothing.
    I rebooted, was able to log in as the original local admin user (woohoo! Progress!)
    Re-bound it to AD and boom CPU shot right back up.
    I unbound it again and am currently backing up the drive with CCC (conversation with professor yesterday “Time Machine? What’s Time Machine?”)
    If CCC dies, I’ll run DW on the original, but I’m now pretty sure my issue is a borked opendirectory database.
    Plan going forward:
    I’ll nuke&pave the iMac, restore the apps, but NOT users and computer settings from the CCC during the re-install, create a new local admin, re-bind to AD see what happens.
    If it doesn’t go nutz again, I’ll have him log on so it creates the local directory, copy over his original user directory from the backup drive, make it his actual home on the disk again and in theory he should be ok.
    It’s amazing how often just laying my problem out in public makes my brain think of new things to try :-)
    I don't know if this is directly applicable to an OpenDirectory-bound system rather than Active Directory, but it might work for you.

  • Authentication against Active Directory Forest

    Hello Everyone,
    I am new to JNDI programming and would appreciate any help in the following problem.
    I am planning to write a program using JNDI APIs to authenticate users against an Active Directory (AD) forest.
    Target AD forest contains multiple domains with two-way transitive trust between them. There are several users created in each of these domains.
    I would like to know what should be the general approach for authenticating users against such a topology.
    I have a working program which uses JNDI APIs to authenticate users against single Domain.
    A sample topology would contain domains like these.
    - abc.corp.net
    - xyy.corp.net
    - pqr.xyz.corp.net
    - hrdev.xyz.corp.net
    - lmn.corp.net
    Thanks in advance for any help
    Sandeep

    Hi,
    How does this relate to Sun Directory Server ?
    Regards,
    Ludovic

  • Getting User Attributes from an Active Directory LDAP

    Hello all.
    I want to extract attributes assigned to a user in the Active Directory LDAP and make them available through the getPropertyValue property in Javascript. I know that a user's System Attributes can be accessed with getPropertyValue but I have not found a way to get specific attributes from the LDAP and make them available as specific attributes in xMII. System attributes like "EmailAddress1" seem to transfer from the LDAP but others don't. Anyone have any ideas?
    Thanks.
    ...Sparks

    Sparks,
    If you're using 11.5 or 12 actually they should all map into the system as session properties.  You can use the following URL to verify your session properties:
    http://<xMIIServer>/Lighthammer/PropertyAccessServlet?Mode=List
    If you are not seeing the attributes you expect then your Attribute Query for User or Role is incorrect for your LDAP system and you need to change the LDAP configuration queries.
    -Sam

  • Advice needed for WAP4410n to authenticate using active directory ?

    Hello,
    We have a couple of Cisco WAP4410n newly purchased for our organisation.
    1) We already have a Windows 2003 Active Directory with domain and users.
    2) We have installed a machine with Ubuntu Linux. It has freeradius configured
    on it. We have also installed the certificate server on this machine.
    3) We have given the Linux machine's IP to the freeradius settings in the WAP4410n.
    4) Our logic is that when a wireless user tries to connect to the WAP4410n, the Linux
       freeradius server will communicate with the Windows Active Directory and grant
       access to the wireless user.
    However, when we try to connect a wireless user we are getting certificate related
    errors.
    Can someone advise us on the settings (PEAP and certificate issues) with respect to freeradius and WAP4410n
    so that the Active Directory users can be authenticated?
    Thanks & regards.....

    Hi Sabeesh,
    if you get a certificate warning, then you should check what it is complaining about.
    -If you go for PEAP, you're supposed to install a certificate on the radius server and to have the clients to trust it.
    -Usually people configure the Windows PEAP client to NOT validate the server certificate, which bypasses this problem. However, a certificate still has to be installed on the Radius server, but it can be invalid.
    Hope this helps
    ===
    Don't forget to rate answers that you find useful

  • Cannot Bind Leopard Server to Windows Active Directory

    Trying to bind a new Leopard Server but I keep getting an Unknown error. Is there an issue with the new Server OS?
    This is the error
    12/10/07 6:36:37 PM com.apple.launchd[1] (0x0-0x2c02c.com.apple.ServerAdmin4479) Exited abnormally: Segmentation fault
    12/10/07 6:37:08 PM Directory Utility236 Step 1 of 6: Searching for Forest/Domain information
    12/10/07 6:37:08 PM Directory Utility236 Binding failed with error -14120
    12/10/07 6:37:29 PM DirectoryService4626 * +NSCFArray shouldAttemptCheck: unrecognized selector sent to class 0xa0101740
    12/10/07 6:37:30 PM com.apple.launchd[1] (com.apple.DirectoryServices4626) Exited abnormally: Bus error

    Okay, I have now managed to setup up the server. I did this by creating a Open Directory Master and then binding that to our Active Directory. I have setup Active Directory and LDAP binding on the client Macs.
    I then added a user from AD into Workgroup Manager and applied a few preferences. They worked brilliantly. However, the computer Workgroup Manager preferences are not working at all! Is there a different way to add computers to Workgroup Manager (I added them by using the + sign and dragging them in from AD) and is there a way to automatically add a computer once it's joined to the domain, like it goes in to AD?

  • What is the powershell command to get the user count in Active Directory

    What is the powershell command to get the user count in Active Directory

    Get-ADuser
    REF: http://blogs.technet.com/b/heyscriptingguy/archive/2012/10/30/powertip-single-line-powershell-command-to-list-all-users-in-an-ou.aspx
    This post is provided AS IS with no warranties or guarantees, and confers no rights.
    ~~~
    This post provides no guarantees and confers no rights

  • Josso not able authenticate against sun directory configuration

    I am trying to configure josso-1.5 and jboss 4.x against Sun directory server.
    I am getting an error on the screen: Invalid Authentication Information
    It works against openldap.
    Please let me know if I need to do any special configuration for Sun directory server.
    Console log:
    12:12:33,453 INFO [PropertyMessageResources] Initializing, config='org.apache.struts.taglib.html.LocalStrings', returnNull=true
    12:12:33,468 INFO [PropertyMessageResources] Initializing, config='org.apache.struts.taglib.html.LocalStrings', returnNull=true
    12:12:33,468 INFO [PropertyMessageResources] Initializing, config='org.apache.struts.util.LocalStrings', returnNull=true
    12:12:33,531 INFO [PropertyMessageResources] Initializing, config='org.apache.struts.taglib.html.LocalStrings', returnNull=true
    12:12:33,531 INFO [PropertyMessageResources] Initializing, config='org.apache.struts.taglib.html.LocalStrings', returnNull=true
    12:12:33,531 INFO [PropertyMessageResources] Initializing, config='org.apache.struts.taglib.bean.LocalStrings', returnNull=true
    12:13:02,171 INFO [TilesRequestProcessor] Tiles definition factory found for request processor ''.
    12:13:02,250 INFO [ConfigurationFactory] Trying to load configuration josso-gateway-config.xml
    12:13:02,265 INFO [ComponentKeeperImpl] SSO Config from [file:/C:/Jboss405/jboss-4.0.5.GA/jboss-4.0.5.GA/server/default/./tmp/deploy/tmp36339josso.ear-contents/josso-exp.war/WEB-INF/classes/josso-config.xml]
    12:13:02,281 INFO [STDOUT] THe crendentials are ->[Lorg.josso.auth.Credential;@b65a68
    12:13:02,281 INFO [STDOUT] THe SSO context is org.josso.gateway.SSOContextImpl@1e99db4
    12:13:02,281 INFO [STDOUT] THe gateway is ->org.josso.gateway.SSOGatewayImpl@70cdd2
    12:13:02,281 INFO [STDOUT] THe scheme is ->basic-authentication
    12:13:02,312 INFO [STDOUT] @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@3
    12:13:02,312 INFO [STDOUT] @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@7
    12:13:02,312 INFO [STDOUT] @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@9
    12:13:02,312 INFO [STDOUT] @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@10
    12:13:02,312 INFO [STDOUT] THE ENV BEFORE LOGGING IN TO LDAP IS -> {java.naming.provider.url=ldap://192.168.1.225:2389, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=cn=admin,cn=Administrators,cn=config, java.naming.security.authentication=simple, java.naming.security.credentials=test, java.naming.security.protocol=}
    12:13:02,312 INFO [STDOUT] THE ENV BEFORE LOGGING IN TO LDAP IS -> {java.naming.provider.url=ldap://192.168.1.225:2389, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=cn=admin,cn=Administrators,cn=config, java.naming.security.authentication=simple, java.naming.security.credentials=test, java.naming.security.protocol=}
    12:13:07,000 INFO [STDOUT] ################################ LOGGED in TO LDAP SERVER ############# javax.naming.ldap.InitialLdapContext@142c63f
    12:13:07,000 INFO [STDOUT] @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@12
    12:13:07,046 INFO [STDOUT] @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@3
    12:13:07,046 INFO [STDOUT] @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@7
    12:13:07,046 INFO [STDOUT] @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@9
    12:13:07,046 INFO [STDOUT] @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@10
    12:13:07,046 INFO [STDOUT] THE ENV BEFORE LOGGING IN TO LDAP IS -> {java.naming.provider.url=ldap://192.168.1.225:2389, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=cn=admin,cn=Administrators,cn=config, java.naming.security.authentication=simple, java.naming.security.credentials=test, java.naming.security.protocol=}
    12:13:07,062 INFO [STDOUT] THE ENV BEFORE LOGGING IN TO LDAP IS -> {java.naming.provider.url=ldap://192.168.1.225:2389, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=cn=admin,cn=Administrators,cn=config, java.naming.security.authentication=simple, java.naming.security.credentials=test, java.naming.security.protocol=}
    12:13:11,640 INFO [STDOUT] ################################ LOGGED in TO LDAP SERVER ############# javax.naming.ldap.InitialLdapContext@a14fed
    12:13:11,656 INFO [STDOUT] @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@12
    12:13:11,718 INFO [SSO_AUDIT] Sat Aug 11 12:13:11 PDT 2007 - sso-user - info - user1 - authenticationFailed=failure - remoteHost=127.0.0.1,authScheme=basic-authentication - ERROR:user1:org.josso.auth.exceptions.AuthenticationFailureException
    12:13:11,812 INFO [PropertyMessageResources] Initializing, config='org.apache.struts.taglib.html.LocalStrings', returnNull=true
    12:13:11,828 INFO [PropertyMessageResources] Initializing, config='org.apache.struts.taglib.html.LocalStrings', returnNull=true

    ar, mine was a mistake.
    I changed password to plain and my ldap data to none crypt password.
    Also I commented out
    <!--
    <hashAlgorithm>MD5</hashAlgorithm>
    <hashEncoding>HEX</hashEncoding>
    -->
    <!-- Strong Authentication Scheme
    <authentication-scheme>
    <name>strong-authentication</name>
    -->
    lines.
    INFO: Trying to load configuration josso-gateway-config.xml
    2008/01/30 23:12:33 org.josso.ComponentKeeperImpl loadConfig
    INFO: SSO Config from [file:/opt/apache-tomcat-6.0.14_josso-1.6/bin/josso-config.xml]
    2008/01/30 23:12:33 org.josso.gateway.audit.service.handler.LoggerAuditTrailHandler handle
    INFO: Wed Jan 30 23:12:33 JST 2008 - sso-session - info - - createSession=success - ssoSessionId=3BD8CB4222046B3ECA68A29DCC54FD44
    2008/01/30 23:12:33 org.josso.gateway.audit.service.handler.LoggerAuditTrailHandler handle
    INFO: Wed Jan 30 23:12:33 JST 2008 - sso-user - info - user1 - authenticationSuccess=success - remoteHost=192.168.100.200,authScheme=basic-authentication,ssoSessionId=3BD8CB4222046B3ECA68A29DCC54FD44
    2008/01/30 23:12:33 org.josso.gateway.signon.LoginAction login
    WARN: No 'BACK TO' URL received or configured ... using default forward rule !

  • OS 10.4.7 mounting against Active Directory on 2003 Server

    Hi,
    I downloaded all documentation regarding mounting OSX clients to our Windows 2003 Server network. I can bind to the server but every time I try to connect to a server (under the network), I get the following error . . . "the alias could not be opened, because the original item cannot be found". What else do I need to do?
    Many thanks,
    -K

    One thing I found out when trying to do the same, but on a Win2000 server, is to connect to the server by "Go -> Connect to Server" and use the IP... I have not tried it with 2k3 yet. Otherwise, upgrade your Mac to 10.4.8... it should work fine; 10.4.8 has Windows fixes, as well as AFP fixes...

  • How do I configure a cisco 1131 AP to use WPA2 enterprise and authenticate to Active Directory

    I have a Win2008 server set up as a RADIUS server (192.168.32.71) and a standalone AP (192.168.201.9). The AP config is below:
    version 12.3
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname ap
    enable secret 5 $1$IdUV$UvE2IJTNzHX6mW6Mmh3At0
    ip subnet-zero
    ip domain name TKGCORP.local
    ip name-server 192.168.32.71
    aaa new-model
    aaa group server radius rad_eap
    aaa group server radius rad_mac
    aaa group server radius rad_acct
    aaa group server radius rad_admin
    aaa group server tacacs+ tac_admin
    aaa group server radius rad_pmip
    aaa group server radius dummy
    aaa group server radius rad_eap1
    server 192.168.201.9 auth-port 1812 acct-port 1813
    aaa authentication login eap_methods group rad_eap
    aaa authentication login mac_methods local
    aaa authentication login eap_methods1 group rad_eap1
    aaa authorization exec default local
    aaa accounting network acct_methods start-stop group rad_acct
    aaa session-id common
    dot11 ssid ka_test
       vlan 201
       authentication open eap eap_methods1
       authentication network-eap eap_methods1
       guest-mode
    power inline negotiation prestandard source
    username Cisco password 7 112A1016141D
    username tkgadmin privilege 15 password 7 022D167B06551D60
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption vlan 201 mode ciphers aes-ccm tkip
    encryption key 1 size 128bit 7 673B0AA56FCB4E630D8E4856427E transmit-key
    encryption mode wep mandatory
    broadcast-key change 150
    ssid ka_test
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    station-role root
    bridge-group 1
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface Dot11Radio0.201
    encapsulation dot1Q 201
    no ip route-cache
    bridge-group 201
    bridge-group 201 subscriber-loop-control
    bridge-group 201 block-unknown-source
    no bridge-group 201 source-learning
    no bridge-group 201 unicast-flooding
    bridge-group 201 spanning-disabled
    interface Dot11Radio1
    no ip address
    no ip route-cache
    shutdown
    encryption key 1 size 128bit 7 B711059074E30B1E1D4E3EC038BB transmit-key
    encryption mode wep mandatory
    broadcast-key change 150
    speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
    station-role root
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface FastEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    hold-queue 160 in
    interface FastEthernet0.201
    encapsulation dot1Q 201
    no ip route-cache
    bridge-group 201
    no bridge-group 201 source-learning
    bridge-group 201 spanning-disabled
    interface BVI1
    ip address 192.168.201.9 255.255.255.0
    no ip route-cache
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    ip radius source-interface BVI1
    radius-server local
      no authentication eapfast
      no authentication mac
      nas 192.168.201.9 key 7 010703174F
    radius-server attribute 32 include-in-access-req format %h
    radius-server host 192.168.32.71 auth-port 1645 acct-port 1646 key 7 0835495D1D
    radius-server host 192.168.201.9 auth-port 1812 acct-port 1813 key 7 0010161510
    radius-server vsa send accounting
    control-plane
    bridge 1 route ip
    line con 0
    line vty 0 4
    end

    Sorry for the late reply, Steve. The link you provided was extremely helpful. Here is what my config looks like now:
    version 12.3
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname ap
    enable secret 5 $1$7vHS$YWCMbrlAgDUayKlOHhMlF1
    ip subnet-zero
    ip domain name TKGCORP.local
    ip name-server 192.168.32.71
    aaa new-model
    aaa group server radius rad_eap
    server 192.168.32.71 auth-port 1645 acct-port 1646
    aaa group server radius rad_mac
    aaa group server radius rad_acct
    aaa group server radius rad_admin
    aaa group server tacacs+ tac_admin
    aaa group server radius rad_pmip
    aaa group server radius dummy
    aaa authentication login eap_methods group rad_eap
    aaa authentication login mac_methods local
    aaa authorization exec default local
    aaa accounting network acct_methods start-stop group rad_acct
    aaa session-id common
    dot11 ssid wap_test
       authentication open eap eap_methods
       authentication network-eap eap_methods
       authentication key-management wpa
       guest-mode
       infrastructure-ssid optional
    power inline negotiation prestandard source
    username Cisco password 7 047802150C2E
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption mode ciphers tkip
    ssid wap_test
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    station-role root
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface Dot11Radio1
    no ip address
    no ip route-cache
    shutdown
    speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
    station-role root
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface FastEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    hold-queue 160 in
    interface BVI1
    ip address 192.168.201.9 255.255.255.0
    no ip route-cache
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    ip radius source-interface BVI1
    radius-server attribute 32 include-in-access-req format %h
    radius-server host 192.168.32.71 auth-port 1645 acct-port 1646 key 7 071B245F5A
    radius-server vsa send accounting
    control-plane
    bridge 1 route ip
    line con 0
    line vty 0 4
    end
    I get a login screen, but it will not let me connect. On my RADIUS server I have it set to allow a group that my username is in. Here are some debugs from when I try to connect to the AP:
    ap#debug aaa  authentication
    AAA Authentication debugging is on
    ap#
    *Mar  2 01:11:53.284: AAA/BIND(00000006): Bind i/f 
    *Mar  2 01:11:53.355: AAA/AUTHEN/PPP (00000006): Pick method list 'eap_methods'
    *Mar  2 01:11:54.556: %DOT11-7-AUTH_FAILED: Station c0cb.3835.a102 Authentication failed
    *Mar  2 01:11:55.280: AAA/BIND(00000007): Bind i/f 
    *Mar  2 01:11:55.404: AAA/AUTHEN/PPP (00000007): Pick method list 'eap_methods'
    *Mar  2 01:11:56.349: AAA/BIND(00000008): Bind i/f 
    *Mar  2 01:11:56.525: AAA/AUTHEN/PPP (00000008): Pick method list 'eap_methods'
    *Mar  2 01:11:57.300: AAA/BIND(00000009): Bind i/f 
    *Mar  2 01:11:58.070: AAA/BIND(0000000A): Bind i/f 
    *Mar  2 01:11:58.812: AAA/BIND(0000000B): Bind i/f 
    *Mar  2 01:12:15.470: AAA/AUTHEN/PPP (0000000B): Pick method list 'eap_methods'
    *Mar  2 01:12:15.492: %DOT11-7-AUTH_FAILED: Station c0cb.3835.a102 Authentication failed
    ap#undebug all
    All possible debugging has been turned off
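
The second config above can be checked mechanically for the chain EAP authentication depends on: SSID, method list, server group, `radius-server host` line. This is an added example, not part of the thread; `check_eap_wiring`, `POSTED` and `PORTS` are hypothetical names, the excerpt is constructed from the post with the key replaced by a placeholder, and only named server groups (not the built-in `group radius`) are handled.

```python
import re

# Constructed excerpt of the post's second config; type 7 key replaced by a placeholder.
POSTED = """\
aaa group server radius rad_eap
server 192.168.32.71 auth-port 1645 acct-port 1646
aaa group server radius rad_mac
aaa authentication login eap_methods group rad_eap
dot11 ssid wap_test
   authentication open eap eap_methods
   authentication network-eap eap_methods
radius-server host 192.168.32.71 auth-port 1645 acct-port 1646 key 7 <KEY>
"""

PORTS = r" (\S+) auth-port (\d+) acct-port (\d+)"

def check_eap_wiring(config):
    groups, methods, used, hosts, cur = {}, {}, set(), {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"aaa group server radius (\S+)", line):
            cur = groups.setdefault(m[1], [])
        elif cur is not None and (m := re.match("server" + PORTS, line)):
            cur.append(m.groups())  # (ip, auth-port, acct-port)
        else:
            cur = None  # any other line ends the server-group block
            if m := re.match(r"aaa authentication login (\S+) (.+)", line):
                methods[m[1]] = re.findall(r"group (\S+)", m[2])
            elif m := re.match(r"authentication (?:open eap|network-eap) (\S+)", line):
                used.add(m[1])  # method list referenced by an SSID
            elif m := re.match("radius-server host" + PORTS + "(.*)", line):
                hosts[m[1]] = (m[2], m[3], " key " in m[4])
    findings = []
    for name in sorted(used):
        if not methods.get(name):
            findings.append(f"{name}: method list missing or has no RADIUS group")
        for grp in methods.get(name, []):
            if not groups.get(grp):
                findings.append(f"{grp}: server group is empty or undefined")
            for ip, auth, acct in groups.get(grp, []):
                host = hosts.get(ip)
                if host is None:
                    findings.append(f"{ip}: no radius-server host line")
                elif host[:2] != (auth, acct):
                    findings.append(f"{ip}: ports differ between group and host line")
                elif not host[2]:
                    findings.append(f"{ip}: no shared key on host line")
    return findings

print(check_eap_wiring(POSTED) or "AAA wiring is consistent")
```

An empty result for the posted lines means the names, address and ports line up; it says nothing about whether the shared key matches the server or whether the RADIUS server's policy accepts the user.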
