ACS 4.2 with Active Directory

Unanswered Question
Jul 2nd, 2009

I have a Windows 2003 Active Directory domain set up, with Cisco ACS 4.2 also installed on it. I'm using a 2611XM router (IOS 12.4 advsec). If I create users on the ACS, I have no issues setting up AAA authentication. However, I have followed the online documentation to set the ACS to use my Windows user database (AD), but when I try to log in, the authentication fails. On my domain, I have created a computer account named 'CISCO' and I have granted my user "Dial-in" permission. When I checked the Failed Attempts report on the ACS server, it said "authen failed", and under the authentication code it said "internal error".

Here are some results from some debug commands. Any help would be greatly appreciated.

SDMRouter#

*Mar 1 00:24:44.365: AAA/BIND(00000007): Bind i/f

*Mar 1 00:24:44.369: AAA/AUTHEN/LOGIN (00000007): Pick method list 'MY_OWN'

*Mar 1 00:24:44.373: TPLUS: Queuing AAA Authentication request 7 for processing

*Mar 1 00:24:44.377: TPLUS: processing authentication start request id 7

*Mar 1 00:24:44.377: TPLUS: Authentication start packet created for 7()

*Mar 1 00:24:44.381: TPLUS: Using server 10.1.1.3

*Mar 1 00:24:44.385: TPLUS(00000007)/0/NB_WAIT/855EB078: Started 5 sec timeout

*Mar 1 00:24:44.393: TPLUS(00000007)/0/NB_WAIT: socket event 2

*Mar 1 00:24:44.393: TPLUS(00000007)/0/NB_WAIT: wrote entire 33 bytes request

*Mar 1 00:24:44.393: TPLUS(00000007)/0/READ: socket event 1

*Mar 1 00:24:44.397: TPLUS(00000007)/0/READ: Would block while reading

*Mar 1 00:24:44.401: TPLUS(00000007)/0/READ: socket event 1

*Mar 1 00:24:44.401: TPLUS(00000007)/0/READ: read entire 12 header bytes (expect 16 bytes data)

*Mar 1 00:24:44.405: TPLUS(00000007)/0/READ: socket event 1

*Mar 1 00:24:44.405: TPLUS(00000007)/0/READ: read entire 28 bytes response

*Mar 1 00:24:44.405: TPLUS(00000007)/0/855EB078: Processing the reply packet

*Mar 1 00:24:44.405: TPLUS: Received authen response status GET_USER (7)

*Mar 1 00:24:48.900: TPLUS: Queuing AAA Authentication request 7 for processing

*Mar 1 00:24:48.904: TPLUS: processing authentication continue request id 7

*Mar 1 00:24:48.904: TPLUS: Authentication continue packet generated for 7

*Mar 1 00:24:48.908: TPLUS(00000007)/0/WRITE/84D88908: Started 5 sec timeout

*Mar 1 00:24:48.908: TPLUS(00000007)/0/WRITE: wrote entire 25 bytes request

*Mar 1 00:24:48.936: TPLUS(00000007)/0/READ: socket event 1

*Mar 1 00:24:48.936: TPLUS(00000007)/0/READ: read entire 12 header bytes (expect 16 bytes data)

*Mar 1 00:24:48.936: TPLUS(00000007)/0/READ: socket event 1

*Mar 1 00:24:48.936: TPLUS(00000007)/0/READ: read entire 28 bytes response

*Mar 1 00:24:48.940: TPLUS(00000007)/0/84D88908: Processing the reply packet

*Mar 1 00:24:48.940: TPLUS: Received authen response status GET_PASSWORD (8)

*Mar 1 00:24:51.981: TPLUS: Queuing AAA Authentication request 7 for processing

*Mar 1 00:24:51.985: TPLUS: processing authentication continue request id 7

*Mar 1 00:24:51.985: TPLUS: Authentication continue packet generated for 7

*Mar 1 00:24:51.989: TPLUS(00000007)/0/WRITE/84D88908: Started 5 sec timeout

*Mar 1 00:24:51.989: TPLUS(00000007)/0/WRITE: wrote entire 24 bytes request

*Mar 1 00:24:52.150: TPLUS(00000007)/0/READ: socket event 1

*Mar 1 00:24:52.154: TPLUS(00000007)/0/READ: read entire 12 header bytes (expect 6 bytes data)

*Mar 1 00:24:52.154: TPLUS(00000007)/0/READ: socket event 1

*Mar 1 00:24:52.154: TPLUS(00000007)/0/READ: read entire 18 bytes response

*Mar 1 00:24:52.154: TPLUS(00000007)/0/84D88908: Processing the reply packet

*Mar 1 00:24:52.154: TPLUS: Received authen response status FAIL (3)


Overall Rating: 3 (1 ratings)
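
Added example (not part of the original thread, and not Cisco tooling): the Python below pairs each request the router wrote with the status ACS returned, using lines excerpted from the debug output in the question, and reports at which stage the login was refused. The function names and stage labels are assumptions made for illustration.

```python
import re

# Excerpt of the router debug lines posted above (request writes and status replies only).
SAMPLE = """\
*Mar 1 00:24:44.393: TPLUS(00000007)/0/NB_WAIT: wrote entire 33 bytes request
*Mar 1 00:24:44.405: TPLUS: Received authen response status GET_USER (7)
*Mar 1 00:24:48.908: TPLUS(00000007)/0/WRITE: wrote entire 25 bytes request
*Mar 1 00:24:48.940: TPLUS: Received authen response status GET_PASSWORD (8)
*Mar 1 00:24:51.989: TPLUS(00000007)/0/WRITE: wrote entire 24 bytes request
*Mar 1 00:24:52.154: TPLUS: Received authen response status FAIL (3)
"""

LINE = re.compile(r"^\*\w+\s+\d+\s+(\d+):(\d+):(\d+)\.(\d{3}): (.*)$")
SENT = re.compile(r"wrote entire (\d+) bytes request")
STATUS = re.compile(r"Received authen response status (\w+) \((\d+)\)")

def exchanges(log):
    """Return (request_bytes, status, code, round_trip_ms) per request written.
    status, code and round_trip_ms are None when no reply status was logged."""
    out, pending = [], None
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines and wrapped continuation fragments
        h, mi, s, ms = (int(x) for x in m.groups()[:4])
        t = ((h * 60 + mi) * 60 + s) * 1000 + ms  # milliseconds since midnight
        sent, reply = SENT.search(m.group(5)), STATUS.search(m.group(5))
        if sent:
            if pending:  # previous request never got an answer
                out.append((pending[1], None, None, None))
            pending = (t, int(sent.group(1)))
        elif reply and pending:
            out.append((pending[1], reply.group(1), int(reply.group(2)), t - pending[0]))
            pending = None
    if pending:
        out.append((pending[1], None, None, None))
    return out

def failure_stage(log):
    """Classify where the login stopped (labels are this example's own)."""
    statuses = [e[1] for e in exchanges(log)]
    if not statuses or statuses[-1] is None:
        return "no-reply"  # nothing came back: look at reachability first
    if statuses[-1] == "FAIL":
        return "rejected-after-password" if "GET_PASSWORD" in statuses else "rejected-before-password"
    return statuses[-1].lower()  # assumes other statuses use the same line format

if __name__ == "__main__":
    print(exchanges(SAMPLE), failure_stage(SAMPLE))
```

On the posted log the FAIL status arrives 165 ms after the password is sent, so the refusal was issued by ACS after it had the credentials, which matches the Failed Attempts entry quoted in the question.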
ciscoskeemz Fri, 07/03/2009 - 15:55

JG,


Thanks... I actually was looking over that doc prior to posting, but still cannot find the issue. I will keep at it.
