Windows Authentication Fails

Unanswered Question
Mar 5th, 2008
User Badges:

We are running ACS 4.1.(4) Build 13 on a member server within a 2003 AD Domain.


We get the following errors in the CSAuth.log file:


AUTH 05/03/2008 17:21:15 E 0384 6180 0x24 External DB [NTAuthenDLL.dll]: NetUserGetLocalGroups failed with result [5]

AUTH 05/03/2008 17:21:15 E 2169 6180 0x24 External DB [NTAuthenDLL.dll]: nt_GetUsersNTGroups failed

AUTH 05/03/2008 17:21:15 E 0384 6180 0x24 External DB [NTAuthenDLL.dll]: NetUserGetLocalGroups failed with result [5]

AUTH 05/03/2008 17:21:15 E 2169 6180 0x24 External DB [NTAuthenDLL.dll]: nt_GetUsersNTGroups failed.


It appears that ACS cannot determine group membership of the AD account. I have setup the mappings of AD Groups to ACS Groups.


Any ideas?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Premdeep Banga Wed, 03/05/2008 - 13:35
User Badges:
  • Gold, 750 points or more

Ensure that you have followed *all* the steps mentioned in this link,


Configuring for Member Server Authentication:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/installation/guide/windows/postin.html#wp1041304


Also, install Patch 6 for ACS version 4.1(4) Build 13 from,

http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-3des

- Acs-4.1.4.13.6-SW.zip

- Acs-4.1.4.13.6-SW-Readme.txt


Regards,

Prem


Actions

This Discussion