We are running ACS 4.1.(4) Build 13 on a member server within a 2003 AD Domain.
We get the following errors in the CSAuth.log file:
AUTH 05/03/2008 17:21:15 E 0384 6180 0x24 External DB [NTAuthenDLL.dll]: NetUserGetLocalGroups failed with result [5]
AUTH 05/03/2008 17:21:15 E 2169 6180 0x24 External DB [NTAuthenDLL.dll]: nt_GetUsersNTGroups failed
AUTH 05/03/2008 17:21:15 E 0384 6180 0x24 External DB [NTAuthenDLL.dll]: NetUserGetLocalGroups failed with result [5]
AUTH 05/03/2008 17:21:15 E 2169 6180 0x24 External DB [NTAuthenDLL.dll]: nt_GetUsersNTGroups failed.
It appears that ACS cannot determine group membership of the AD account. I have setup the mappings of AD Groups to ACS Groups.
Any ideas?