
CAG Authentication Problems (Radius), in the Advanced Access Control / Citrix Access Gateway forum on BrianMadden.com

Jody Wong Posted: Sat, Nov 4 2006 10:47 PM
This is driving me crazy.

I'm running CAG 4.5 with radius authentication. I followed the Radius/CAG Guide from CTX107495.

I have a couple of users that are unable to authenticate correctly to my CAG.

The users that have the problem instantly receive a check username/password error. They are typing it in correctly though.

I checked the security event log on my radius server and it shows them as successfully being able to authenticate.

However....
I check the log on the CAG and I have this:
(11/03/06 15:29:21):server:vpnd: Login failure for user [rwilliams] from MAC[00:13:CE:C5:84:EF]
(11/03/06 15:32:03):server:vpnd: Login failure for user [rwilliams]
(11/03/06 15:32:17):server:vpnd: Login failure for user [rwilliams]

Now here is what a normal user logon looks like on my CAG LOG:

(11/03/06 14:43:37):server:radius: user [bjohnson] is in the following RADIUS groups: CitrixAccessGateway
(11/03/06 14:43:37):server:vpn: : Parsed groups for user [bjohnson] from RADIUS authentication response
(11/03/06 14:43:37):server:authd: got group membership criteria for group 'CitrixAccessGateway'.

So for some reason those certain user accounts aren't testing group membership...

I've tried removing the user from my CitrixAccessGateway group and then adding them back but it doesn't help.

Any ideas?
Running out of ideas!
Jody Wong
Amedisys INC
MIS Network Engineer
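
A log-triage sketch for the symptom described in the post above, added here as an example and not part of the original thread or of any Citrix tooling: it scans CAG log text in the format quoted in the post and lists users who have "Login failure" entries but never a "RADIUS groups" line. The sample log is constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Line shape taken from the excerpts in the post:
#   (MM/DD/YY HH:MM:SS):server:<daemon>: <message>
LINE_RE = re.compile(r"^\((?P<ts>[^)]+)\):server:(?P<daemon>\w+):\s*(?P<msg>.*)$")
FAIL_RE = re.compile(r"Login failure for user \[(?P<user>[^\]]+)\]")
GROUPS_RE = re.compile(
    r"user \[(?P<user>[^\]]+)\] is in the following RADIUS groups:\s*(?P<groups>.*)$"
)

# Constructed sample log (user names and MAC address are made up).
SAMPLE_LOG = """\
(11/03/06 15:29:21):server:vpnd: Login failure for user [user_a] from MAC[00:00:5E:00:53:01]
(11/03/06 15:32:03):server:vpnd: Login failure for user [user_a]
(11/03/06 15:32:17):server:vpnd: Login failure for user [user_a]
(11/03/06 14:43:37):server:radius: user [user_b] is in the following RADIUS groups: CitrixAccessGateway
(11/03/06 14:43:37):server:vpn: : Parsed groups for user [user_b] from RADIUS authentication response
(11/03/06 14:43:37):server:authd: got group membership criteria for group 'CitrixAccessGateway'.
(11/03/06 16:01:10):server:vpnd: Login failure for user [user_c]
(11/03/06 16:01:40):server:radius: user [user_c] is in the following RADIUS groups: CitrixAccessGateway
"""


def summarize(log_text):
    """Return {user: {"failures": [timestamps], "groups": [raw group strings]}}."""
    users = defaultdict(lambda: {"failures": [], "groups": []})
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # skip anything that is not a CAG log line
        fail = FAIL_RE.search(line["msg"])
        grp = GROUPS_RE.search(line["msg"])
        if fail:
            users[fail["user"]]["failures"].append(line["ts"])
        elif grp:
            # Group list kept as raw text; its separator is not shown in the post.
            users[grp["user"]]["groups"].append(grp["groups"].strip())
    return dict(users)


def failures_without_groups(log_text):
    """Users with login failures for whom no RADIUS group line was ever logged."""
    return sorted(
        user for user, rec in summarize(log_text).items()
        if rec["failures"] and not rec["groups"]
    )


if __name__ == "__main__":
    print(failures_without_groups(SAMPLE_LOG))
```

Each timestamp in a flagged user's `failures` list can be compared against the RADIUS server's event log for the same moment.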
... Really nobody has seen such an issue?
Jody Wong
Amedisys INC
MIS Network Engineer

I am having the exact same problem.

I have checked the logs on the DC and the XenApp server, and it looks like the gateway is not passing the authentication through. I did another test: created a new user, and added it to the Citrix group used in Radius, and I was able to log on almost instantly!

Also, logging on to the Web Interface directly works fine for the users who can't authenticate through the CAG. Hopefully someone else's seen this issue and can give some suggestions.

George
