I have recently installed the ACS 4.1 evaluation version on a member server in a domain running Windows 2003 Server Standard with SP2. I have followed the instructions in the documentation that came with the ACS package.
Here are the steps that I have taken:
- Selected "also check the Windows User Database" during the install, but did NOT select the "Grant dial-in permission to user" setting.
- Enabled all features to show up on the ACS interface.
- Selected "Restart All" for the service monitoring feature.
- Entered the database encryption password.
- Finished setup. ACS services started.
- Next I configured ACS for member server authentication.
- Added a computer account to Active Directory named CISCO.
- Verified that the server service was running and set to automatic.
- Set LAN Manager to "Send LM & NTLM - use NTLMv2 session security if negotiated"
- Created ACSUser in AD and granted it the "Read all properties" permission for the IT folder in AD.
- Configured ACSuser to "act as part of the OS" and "log on as a service".
- Enabled NetBIOS over TCP/IP on ACS server as well as my two local domain controllers.
- DNS & WINS were already configured properly.
- Configured LMHOSTS on the ACS server as follows:
192.168.0.4 xxxxdc #PRE #DOM:CompanyABC
192.168.0.4 "CompanyABC \0x1b #PRE
192.168.0.3 xxxxxxdc #PRE #DOM:CompanyABC
192.168.0.3 "CompanyABC \0x1b #PRE
- Set all seven ACS services to log on as ACSuser.
- Restarted server to make sure that all changes took effect.
I'm trying to log on with my account from AD and I get the "Login Failed...Try Again" error message. I would like to get this issue resolved quickly since it is a time-limited eval.
Edit: It appears that the spaces in my LMHOSTS config don't show up properly, but I do have the correct spacing in the file.
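A `\0x1b` entry in LMHOSTS depends on exact padding: the domain name is padded with spaces to 15 characters and followed by `\0x1b`, giving 20 characters between the quotation marks. The Python check below is an added example, not part of the original post; the function name is hypothetical and the sample lines are constructed from the post's placeholder names.

```python
import re

# IP address, quoted NetBIOS name, then optional keywords such as #PRE.
ENTRY = re.compile(r'^\s*(\S+)\s+"([^"]*)"(.*)$')
# The 16th byte of the NetBIOS name is written as \0xNN at the end of the quotes.
SUFFIX = re.compile(r'\\0x[0-9A-Fa-f]{2}$')

def check_special_entries(text):
    """Return (line_number, problem) for each malformed quoted LMHOSTS entry."""
    problems = []
    for n, line in enumerate(text.splitlines(), 1):
        # Skip comment lines and plain host entries without a quoted name.
        if '"' not in line or line.lstrip().startswith('#'):
            continue
        m = ENTRY.match(line)
        if not m:
            problems.append((n, 'unterminated quoted name'))
            continue
        quoted = m.group(2)
        if not SUFFIX.search(quoted):
            problems.append((n, 'quoted name does not end in \\0xNN'))
        elif len(quoted) != 20:
            # 15 characters of name plus padding, then the 5 characters of \0xNN.
            problems.append((n, f'quoted name is {len(quoted)} chars, expected 20'))
    return problems

# Constructed sample: line 2 has no closing quote, line 3 is padded correctly,
# line 4 has the spacing collapsed to a single space.
SAMPLE = "\n".join([
    r'192.168.0.4 xxxxdc #PRE #DOM:CompanyABC',
    r'192.168.0.4 "CompanyABC \0x1b #PRE',
    r'192.168.0.4 "CompanyABC     \0x1b" #PRE',
    r'192.168.0.4 "CompanyABC \0x1b" #PRE',
])

if __name__ == '__main__':
    for lineno, problem in check_special_entries(SAMPLE):
        print(f'line {lineno}: {problem}')
```

Running it against the real file on the ACS server (read as text and passed to `check_special_entries`) confirms whether the spacing and quoting on disk match what the entry format requires.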