CSACS 3.3(1) to 4.1 authentication not working after upgrade? No logs?

Unanswered Question
Aug 9th, 2007

Hi

So we've just done an upgrade of CSACS 3.3(1) to 3.3(3) and then from there to 4.1 as recommended. After the upgrade, all 'seems' to be fine with the server, all the services have started and seem to be running, the UDP ports are open (1812, 1813, 1645 and 1646), yet none of my clients are able to login via any NAS configured. There are no logs being generated on the server, no fails, no passes, nothing since the upgrade. The server and the NAS' can still ping each other just as before, nothing else has changed on the NAS or the network in general. During the upgrade, I choose to keep my existing configuration. Can anyone help? Please? Thanks

Jason

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jagdeep Gambhir Thu, 08/09/2007 - 12:13

Jason,

It seems to be a appliance , if that is the case then go to ,

acs ----> Interface config--->Advanced --->Enable all except last two.

Now go to acs----> Network configuration ----> Proxy table ----.Put deleverence 1 on the fwd to box and what ever you have under fwd to box drag it to the left box.

Regards,

~JG

jasonhumes Thu, 08/09/2007 - 12:15

Hi

This is not an appliance, but the Windows based software server. Would these tips still apply? Thanks

Jason

jasonhumes Thu, 08/09/2007 - 12:23

Hi

The services are all running, I've tried to stop and restart all CS* services. I've tried to reboot the whole server itself. It is running Windows Server 2003. One problem I noticed just now, the server does not have SP1 applied due to a conflict with another application running on that box and according to the CSACS4.1 release notes, SP1 is a requirement...but I don't know if not having it would cause these weird issues. Everything 'seems' to be running, open ports, etc, but nothing is happening. So I'm going to try to get this server updated to SP1 and see what happens from there. Do you think this SP1 missing would cause this strange problem? Thanks very much for your help.

Jason

Jagdeep Gambhir Fri, 08/10/2007 - 04:39

Hi Jason,

I don't think SP can cause this kind of issue but it is worth to try. Also I would suggest to sniff the NIC of acs and see if there is any traffic coming from the NAS, if it is there then it would be interesting to see how acs replied.

Also take debugs at the same time from NAS

debug aaa authentication

debug radius or tacacs (as per the case)

Also make sure that acs is set up as Cisco secure acs and NOT tacacs or radius.

ACS -->Network configuration---->AAA server--->Server type should be Cisco secure acs.

Regards,

~JG

jasonhumes Fri, 08/10/2007 - 04:41

Hi

We let the server do its full set of Windows Updates last night and after the update and reboot, all authentication services started working properly again with no further changes. So it WAS the patch level that was causing the problem. Thanks for all your help.

Jason

Richard Burts Sun, 08/12/2007 - 18:59

Jason

I am glad that you were able to get this worked out. Thank you for updating the thread to indicate that you had found a solution to the problem. It makes the forum more useful when people can read about a problem and can read what provided the solution to the problem.

HTH

Rick

Actions

This Discussion