stations do not authenticate, possible bug cscsd52663

claudiols
Level 1

The customer has Cisco Secure ACS release 4.2(0) build 124 patch 5 installed on Windows 2003 under NetBIOS domain "bsbr" (FQDN bs.br.bsch).

Stations from this domain authenticate successfully.

Users from this domain authenticate successfully.

There is another NetBIOS domain "sac" (FQDN sac.ads.int.abnamro.com) that has a trust relationship with domain "bsbr".

Users from domain "sac" authenticate successfully.

STATIONS from domain "sac" do NOT authenticate successfully.

Some time ago the customer was running ACS version 4.1 and was advised to upgrade to version 4.2 because of bug CSCsd52663, but after the upgrade the problem is still the same.

mbadali
Level 1

Sounds like this may be a cross forest auth issue. Check to see if the two domains are in different forests or the same forest.

Here are some URLs that will guide you through the install process. Ensure that they are followed exactly. There is a requirement to have the ACS services started as a domain admin account. I confirmed with TAC that as long as the account is a domain account with the proper permissions (in the doc) you'll be alright. I'm currently running ACS 4.2 with machine auth working successfully across forests.

Windows Authentication Configuration- Configuring for Member Server Authentication:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/installation/guide/windows/postin.html#wp1041304

Release Notes for Cisco Secure ACS 4.2:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/release/notes/ACS42_RN.html

As discussed, here is the bug:

CSCsd52663 : Cross forest user/machine authentication does not work

Symptom:

Machine authentication may fail due to "host not found".

Condition:

ACS is installed on a server that's a member of a domain in Forest 1, while PCs performing machine authentication are members of domains in Forest 2.

Workaround:

Ensure ACS is a member of the same forest as the authenticating PCs.

Version 004.000(001.027)

To be fixed in 004.002

Apply to 004.002(000.105) 004.001(004.013.001)

Integrated in

Verified Release 004.001(004.013.001)