07-16-2010 12:51 PM - edited 03-10-2019 05:15 PM
We have VPN and WiFi authentication through an ACS 4.x to an external database. Using the unknown user policy pointing to a Windows database, this config works at one of our sites (the main site). The main site replicates to our backup site but does not, of course, replicate the dynamic users. The problem is that our backup site does not authenticate any users via the Windows DB - both sites are configured the same. Also, the backup site does work once in a while, but you must preface your account with the domain.
Here is the error as reported by Windows:
Help - thanks!
Logon Failure:
Reason: Unknown user name or bad password
User Name: doherty
Domain: usc
Logon Type: 3
Logon Process: CISCO
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: CISCO
Caller User Name: COSC-LAN-RADIUS$
Caller Domain: USC
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 1424
Transited Services: -
Source Network Address: -
Source Port: -
07-17-2010 04:03 AM
Looks like you are getting a user format in a different format, and AD is unable to recognise it, which causes the authentication to fail.
- Could you please send me the failed attempt from the ACS Reports and Activity > Failed Attempts?
- Also send me the screenshot from External User Databases >> Windows Database Configuration > Unknown User Policy.
- And what is the model and make of your secondary ACS?
HTH
JK
Do rate helpful posts-
07-20-2010 06:19 AM
07/20/2010
09:14:46
Authen failed
doherty
Invalid User Group
192.168.2.8
Internal error
..
..
7866
156.119.152.1
The secondary ACS is running on a Windows box... All the configs are the same as the primary ACS. Thank you.
sdoherty,
A new message was posted in the Discussion thread "Authentication from
Windows based ACS to external Windows DB":
https://supportforums.cisco.com/message/3139232#3139232
07-29-2010 11:50 AM
Resolved by the TAC - our AD server was upgraded to 2008 so we had to upgrade the ACS to 4.2.15