ACS external database issue


Hi

I have the following issue: a user exists on both the ACS and the token server. Authentication is set to external database with no unknown user policy, as the user is known to the ACS! This fails authentication; the error message is CS user unknown... Now if the unknown user policy is set to the external database, the authentication works fine. This is on 3.3. I have checked for bugs to no avail.

Any assistance would be good...

Thanks MJ

Jagdeep Gambhir Wed, 07/16/2008 - 08:26

If you have a user configured in ACS with no unknown user policy, then ACS is only going to check its internal database.

So this is expected behavior.

If you have the unknown user policy set up, then ACS will check its external database.

It seems you have only the user set up in ACS, and for the password you have pointed to the external database.

So ACS knows the user but not the password. To check the password of the user, it needs to forward the request to the external database.

And that part is configured in the unknown user policy.

Regards,

~JG

DO rate helpful posts

Hi JG

Many thanks for your response. It is configured this way due to the documentation below:

Known Users - Users explicitly added, either manually or automatically, into the Cisco Secure ACS database.

These are users added through User Setup in the HTML interface, by the RDBMS Synchronization feature, by the Database Replication feature, or by the CSUtil.exe utility. For more information about CSUtil.exe, see "CSUtil Database Utility".

Cisco Secure ACS attempts to authenticate a known user with the single database that the user is associated with. If the user database is the CiscoSecure user database and the user does not represent a Voice-over-IP (VoIP) user account, a password is required for the user. If the user database is an external user database or if the user represents a VoIP user account, Cisco Secure ACS does not have to store a user password in the CiscoSecure user database.

This is from the following link....

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs32/user/qu.htm

Many thanks MJ
