Windows Authentication Fails

Unanswered Question
Mar 5th, 2008

We are running ACS 4.1.(4) Build 13 on a member server within a 2003 AD Domain.

We get the following errors in the CSAuth.log file:

AUTH 05/03/2008 17:21:15 E 0384 6180 0x24 External DB [NTAuthenDLL.dll]: NetUserGetLocalGroups failed with result [5]

AUTH 05/03/2008 17:21:15 E 2169 6180 0x24 External DB [NTAuthenDLL.dll]: nt_GetUsersNTGroups failed

AUTH 05/03/2008 17:21:15 E 0384 6180 0x24 External DB [NTAuthenDLL.dll]: NetUserGetLocalGroups failed with result [5]

AUTH 05/03/2008 17:21:15 E 2169 6180 0x24 External DB [NTAuthenDLL.dll]: nt_GetUsersNTGroups failed.

It appears that ACS cannot determine group membership of the AD account. I have setup the mappings of AD Groups to ACS Groups.

Any ideas?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Premdeep Banga Wed, 03/05/2008 - 13:35

Ensure that you have followed *all* the steps mentioned in this link,

Configuring for Member Server Authentication:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/installation/guide/windows/postin.html#wp1041304

Also, install Patch 6 for ACS version 4.1(4) Build 13 from,

http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-3des

- Acs-4.1.4.13.6-SW.zip

- Acs-4.1.4.13.6-SW-Readme.txt

Regards,

Prem

Actions

This Discussion