We are currently having trouble with the Cisco ACS we have implemented, and I'll try to describe it:
We have ACS linked to AD directory domains, where we have 2 domains and proper group mappings.
We then have our Cisco switches with the following config:
aaa authentication fail-message ^CCCC
Failled to Authenticate!
Please Contact IT Networks Group for further information.
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa authorization network default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa session-id common
The issue is that we can authenticate with users from one domain, but not with users from the other. When we check Passed Authentication, both authentications are passing and showing "Authen OK", but on the switch side there is a failure.
Could there be something wrong with ACS?