CSACS 3.3(1) to 4.1 authentication not working after upgrade? No logs?

Unanswered Question
Aug 9th, 2007
User Badges:

Hi

So we've just done an upgrade of CSACS 3.3(1) to 3.3(3) and then from there to 4.1 as recommended. After the upgrade, all 'seems' to be fine with the server, all the services have started and seem to be running, the UDP ports are open (1812, 1813, 1645 and 1646), yet none of my clients are able to login via any NAS configured. There are no logs being generated on the server, no fails, no passes, nothing since the upgrade. The server and the NAS' can still ping each other just as before, nothing else has changed on the NAS or the network in general. During the upgrade, I choose to keep my existing configuration. Can anyone help? Please? Thanks


Jason

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jagdeep Gambhir Thu, 08/09/2007 - 12:13
User Badges:
  • Red, 2250 points or more

Jason,

It seems to be a appliance , if that is the case then go to ,


acs ----> Interface config--->Advanced --->Enable all except last two.



Now go to acs----> Network configuration ----> Proxy table ----.Put deleverence 1 on the fwd to box and what ever you have under fwd to box drag it to the left box.



Regards,

~JG




jasonhumes Thu, 08/09/2007 - 12:15
User Badges:

Hi

This is not an appliance, but the Windows based software server. Would these tips still apply? Thanks


Jason

Jagdeep Gambhir Thu, 08/09/2007 - 12:20
User Badges:
  • Red, 2250 points or more

No , not for windows. Is the services running ? What is the OS and SP ?





jasonhumes Thu, 08/09/2007 - 12:23
User Badges:

Hi

The services are all running, I've tried to stop and restart all CS* services. I've tried to reboot the whole server itself. It is running Windows Server 2003. One problem I noticed just now, the server does not have SP1 applied due to a conflict with another application running on that box and according to the CSACS4.1 release notes, SP1 is a requirement...but I don't know if not having it would cause these weird issues. Everything 'seems' to be running, open ports, etc, but nothing is happening. So I'm going to try to get this server updated to SP1 and see what happens from there. Do you think this SP1 missing would cause this strange problem? Thanks very much for your help.


Jason

Jagdeep Gambhir Fri, 08/10/2007 - 04:39
User Badges:
  • Red, 2250 points or more

Hi Jason,

I don't think SP can cause this kind of issue but it is worth to try. Also I would suggest to sniff the NIC of acs and see if there is any traffic coming from the NAS, if it is there then it would be interesting to see how acs replied.


Also take debugs at the same time from NAS


debug aaa authentication

debug radius or tacacs (as per the case)


Also make sure that acs is set up as Cisco secure acs and NOT tacacs or radius.


ACS -->Network configuration---->AAA server--->Server type should be Cisco secure acs.



Regards,

~JG

jasonhumes Fri, 08/10/2007 - 04:41
User Badges:

Hi

We let the server do its full set of Windows Updates last night and after the update and reboot, all authentication services started working properly again with no further changes. So it WAS the patch level that was causing the problem. Thanks for all your help.


Jason

Richard Burts Sun, 08/12/2007 - 18:59
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Jason


I am glad that you were able to get this worked out. Thank you for updating the thread to indicate that you had found a solution to the problem. It makes the forum more useful when people can read about a problem and can read what provided the solution to the problem.


HTH


Rick

Actions

This Discussion