Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1399
Views
0
Helpful
3
Replies

Authentication from Windows based ACS to external Windows DB

sdoherty
Level 1
Level 1

‎07-16-2010 12:51 PM - edited ‎03-10-2019 05:15 PM

We have a VPN and a WiFi authentications thru an ACS @ 4.x to an external database.   Using the unknown user policy pointing to an windwos database this config works at one of our sites (main site).  The main site replicates to our backup site  but does not of course replicate the dynamic users.  The problem is that our backup site does not authenticate any users via the windows DB - both sites are configured the same.    Also the backup site does work once in a while but u must preface your account with the domain.

Here is the error as reported by windows;

help - tnks!

Logon Failure:

Reason: Unknown user name or bad password

User Name: doherty

Domain: usc

Logon Type: 3

Logon Process: CISCO

Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

Workstation Name: CISCO

Caller User Name: COSC-LAN-RADIUS$

Caller Domain: USC

Caller Logon ID: (0x0,0x3E7)

Caller Process ID: 1424

Transited Services: -

Source Network Address: -

Source Port: -

Labels:
0 Helpful
3 Replies 3

Jatin Katyal
Cisco Employee
Cisco Employee

‎07-17-2010 04:03 AM

Looks like  you are getting a user format in a different format and AD is unable to recognised causes authentication failed.


-Could you please send me the failed attempt from the ACS report and activity > failed attempts

-Also send me the screen shot from external user database >> windows database configuration  > unknown user policy.

- And what is the model and make of your secondary ACS?


HTH

JK


Do rate helpful posts-

~Jatin
0 Helpful

sdoherty
Level 1
Level 1
In response to Jatin Katyal

‎07-20-2010 06:19 AM

07/20/2010

09:14:46

Authen failed

doherty

Invalid User Group

192.168.2.8

Internal error

..

..

7866

156.119.152.1

THE SECONDARY ACS IS Running on a windows box... All the configs are the

same as the Primary ACS. THANKYOU

From:

jkatyal

To:

SEAN DOHERTY

Date:

07/17/2010 07:03 AM

Subject:

New message: "Authentication from Windows based ACS to external

Windows DB"

sdoherty,

A new message was posted in the Discussion thread "Authentication from

Windows based ACS to external Windows DB":

https://supportforums.cisco.com/message/3139232#3139232

Author : jkatyal

Profile : https://supportforums.cisco.com/people/jkatyal

Message:

0 Helpful

sdoherty
Level 1
Level 1
In response to sdoherty

‎07-29-2010 11:50 AM

Resolved by the TAC - our AD server was upgraded to 2008 so we had to upgrade the ACS to 4.2.15

0 Helpful
Customers Also Viewed These Support Documents