09-17-2008 06:59 PM
Hi all:
We have an ACS server used as a TACACS server that needs to be integrated with MS AD.
After configuring the external DB in ACS, we are still not able to authenticate using an AD account, and we found "Internal error" in the "failed attempts" log on the ACS server.
According to Cisco, the internal error is coming from Microsoft. Has anyone come across the same problem before? Any solution?
09-23-2008 09:38 AM
If your usernames and passwords are on an external database like AD, you can use a feature called RADIUS with expiry on concentrators; however, any kind of password change feature is NOT supported when your NAS is a PIX firewall.
Below is the link for RADIUS with expiry with Cisco Secure ACS for VPN users through 3000 series concentrators
09-23-2008 03:04 PM
Thanks for your reply. This is not exactly what I wanted.
09-24-2008 03:51 AM
So you've configured an external database, that's a start. Have you added mappings from the AD domain to the ACS groups? Have you configured those ACS groups to allow access?
What config are you using on the devices to authenticate, authorize and account?