ACS 4.0 to NT Domain with NTLMv2 problem.

Feb 16th, 2006

I am trying to authenticate users from a VPN Concentrator (3030) to our NT Domain. We are not running AD yet but we are required to use NTLMv2 authentication on the Domain.


I want to use ACS4.0 to authenticate Radius w/Expiry from the VPN concentrator and let ACS handle the NTLMv2 part.


In ACS I have defined my Domain in the External Users Database, I have defined the Unknown User Policy to use the Windows Database, and I have defined the Group Mapping to point to the default group.


When I run the Authentication test from the VPN setup screen I get a failed request.


In the CSAuth log I am getting:


AUTH 02/16/2006 15:13:42 E 0376 1572 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)

AUTH 02/16/2006 15:13:42 E 0376 1572 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)


With NTLMv2 turned off and running ACS 3.2, this setup is working (my production network). My only reason for upgrading to ACS4.0 was the NTLMv2 portion.


Does anyone have any advice? Thanks!


jhillend Fri, 03/03/2006 - 10:58

Please make sure you read this Field Notice:


http://www-tac.cisco.com/Support_Library/field_alerts/fn62167.html


Note that, despite the Windows URL mentioning only 2003 server, the 2000 server also supports NTLMv2. Therefore, the following scenarios apply:


- DC on Win 2003 SP1 - doesn't require any hotfix since it's included in SP1

- DC on Win 2000 SP4 - doesn't require any hotfix since it's included in SP4

- DC on Win 2003 - requires hotfix KB893318


