New Member

AAA Enable failing on second ACS Server

I have 2 Windows 2003 servers running ACS 4.2, authenticating with AD. I have configured TACACS+ authentication on both for my PIX 515 running version 7.24. TACACS+ authentication works fine on both. However, when I use the "aaa authentication enable console ProsperAdminAuth LOCAL", the enable password works only with the first ACS server. When the first server is unavailable, it fails on the second ACS server and the Failed Authentication on ACS reports "ACS password invalid". It does not allow the LOCAL password either. I have verified all passwords and there is no issue there. I know that for sure because TACACS auth works. Anyone seen this issue or know what I could try?

Thanks

Vivek

Accepted Solutions
Cisco Employee

Re: AAA Enable failing on second ACS Server

Hello,

External Database configuration is not replicated between ACS servers, so my guess here is that on your secondary ACS, if you go to External User Databases -> Unknown User Policy, you will find that under Configure Enable Password Behavior you are set to "The Internal Database" instead of "The database in which the user profile is held."

--Jesse

New Member

Re: AAA Enable failing on second ACS Server

That was it. Thanks so much for your help. Really appreciate it.
