10-07-2009 07:35 AM - edited 03-10-2019 04:43 PM
My organisation had been using ACS with AD to authenticate users for accessing Network devices.
But lately it doesnt work. There have been no known changes.
Can someone help to point possible issues or any links to see how the actual config on ACS should be done or look like for this to work.
Apologies if this is naive question, as am not so easy with ACS.
Thanks!
Solved! Go to Solution.
10-07-2009 08:32 AM
Hi,
There are two ways to fix the 'windows dialin permission required' message. You can either add dialin permissions on the user accounts on your Windows database, or you can remove the 'Require Dialin Permissions' option in ACS. To do this, go to "External User Databases" and select "Database Configuration". Then go into your Windows database and click 'configure'. The very first option is a
checkbox giving you the option to 'Verify that grant dialin permission is checked'.
Checking this box will cause the error that you are receiving if your windows users do not have dialin permission. If you uncheck this box, it should clear up the issue.
HTH
JK
10-07-2009 07:45 AM
Hi,
Did you check the authentication with ACS local user account? was that working?
Please go to ACS > reports and activity > failed attempts > and check the error message.
Also, Is this ACS for windows or Solution engine? If ACS windows, where we have this installed (member server or DC)?
From the NAS devices, please jelp me with the following debugs:
#debug aaa authentication
#debug tacacs
HTH
JK
Plz rate helpful posts.
10-07-2009 08:21 AM
message says "windows dialing permission required"
i didnt check the authentication with ACS using local account...can i know how to check that?
this ACS is for windows & installed on a member server with remote agent running on the server.
i can see the remote agent in acs under network configuration.
Thanks!
10-07-2009 08:32 AM
Hi,
There are two ways to fix the 'windows dialin permission required' message. You can either add dialin permissions on the user accounts on your Windows database, or you can remove the 'Require Dialin Permissions' option in ACS. To do this, go to "External User Databases" and select "Database Configuration". Then go into your Windows database and click 'configure'. The very first option is a
checkbox giving you the option to 'Verify that grant dialin permission is checked'.
Checking this box will cause the error that you are receiving if your windows users do not have dialin permission. If you uncheck this box, it should clear up the issue.
HTH
JK
10-07-2009 06:27 PM
Thanks..that helped to get over the problem.
But i hope removing that option from ACS doesnt affect any other service.
10-08-2009 03:43 AM
Hi,
Thats correct, it won't hault any other service of ACS.
10-08-2009 05:38 AM
Thank You!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide