Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1399
Views
3
Helpful
6
Replies

ACS authentication problem with tacacs

Go to solution
suthomas1
Level 6
Level 6

‎10-07-2009 07:35 AM - edited ‎03-10-2019 04:43 PM

My organisation had been using ACS with AD to authenticate users for accessing Network devices.

But lately it doesnt work. There have been no known changes.

Can someone help to point possible issues or any links to see how the actual config on ACS should be done or look like for this to work.

Apologies if this is naive question, as am not so easy with ACS.

Thanks!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee
In response to suthomas1

‎10-07-2009 08:32 AM

Hi,

There are two ways to fix the 'windows dialin permission required' message. You can either add dialin permissions on the user accounts on your Windows database, or you can remove the 'Require Dialin Permissions' option in ACS. To do this, go to "External User Databases" and select "Database Configuration". Then go into your Windows database and click 'configure'. The very first option is a

checkbox giving you the option to 'Verify that grant dialin permission is checked'.

Checking this box will cause the error that you are receiving if your windows users do not have dialin permission. If you uncheck this box, it should clear up the issue.

HTH

JK

~Jatin

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee

‎10-07-2009 07:45 AM

Hi,

Did you check the authentication with ACS local user account? was that working?

Please go to ACS > reports and activity > failed attempts > and check the error message.

Also, Is this ACS for windows or Solution engine? If ACS windows, where we have this installed (member server or DC)?

From the NAS devices, please jelp me with the following debugs:

#debug aaa authentication

#debug tacacs

HTH

JK

Plz rate helpful posts.

~Jatin

Go to solution
suthomas1
Level 6
Level 6
In response to Jatin Katyal

‎10-07-2009 08:21 AM

message says "windows dialing permission required"

i didnt check the authentication with ACS using local account...can i know how to check that?

this ACS is for windows & installed on a member server with remote agent running on the server.

i can see the remote agent in acs under network configuration.

Thanks!

0 Helpful

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee
In response to suthomas1

‎10-07-2009 08:32 AM

Hi,

There are two ways to fix the 'windows dialin permission required' message. You can either add dialin permissions on the user accounts on your Windows database, or you can remove the 'Require Dialin Permissions' option in ACS. To do this, go to "External User Databases" and select "Database Configuration". Then go into your Windows database and click 'configure'. The very first option is a

checkbox giving you the option to 'Verify that grant dialin permission is checked'.

Checking this box will cause the error that you are receiving if your windows users do not have dialin permission. If you uncheck this box, it should clear up the issue.

HTH

JK

~Jatin
0 Helpful

Go to solution
suthomas1
Level 6
Level 6
In response to Jatin Katyal

‎10-07-2009 06:27 PM

Thanks..that helped to get over the problem.

But i hope removing that option from ACS doesnt affect any other service.

0 Helpful

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee
In response to suthomas1

‎10-08-2009 03:43 AM

Hi,

Thats correct, it won't hault any other service of ACS.

~Jatin
0 Helpful

Go to solution
suthomas1
Level 6
Level 6
In response to Jatin Katyal

‎10-08-2009 05:38 AM

Thank You!

0 Helpful
Customers Also Viewed These Support Documents