I have an ACS 3.3(2)b2 what authenticates users from external ADs. All the authentication is succeful from its own domain and from several trusted domain.
Now I'd like to add a new domain to the system, but when I try to authenticate from this domain it fails. In the "Failed Attempts" report the error message is the following: "External DB account restriction"
Ext. User DBs --> DB Configuration --> Windows DB --> Configure --> I put it to the "Domain List" column in the "Configure Domain List" section.
The "... Grant Dialin Permission ..." checkbox is empty.
I have a valid group mapping also.
I found a bug in this version:
"Authentication succeeded only when The EAP-TLS client authenticate to the DC which connected directly to the ACS, but when the user is in the Trusted DC (only in the trusted DC) which connected to the first DC, the authentication didn't succeed and the Fail Attempts message was: "External DB account Restriction."
Same message occurred whether enabling the domain stripping in Windows external database settings or not. "
I could accept this bug if there wasn't many well working domains in the system.
Has anyone got any idea for this problem?
What I forgot to set?