My question to everyone is as follows. I have ACS 3.0 and have been authenticating via my NT domain for quite some time now. My company finished their AD rollout, and since the ACS rests on an old BDC (not Win2k) I am holding up their upgrade. I have ACS 3.0 now on a Win2k member server and cannot get it to authenticate to the domain. When I try to set up the log on as a service and act as part of the OS with the new AD account I created, I get an error saying it couldn't contact the domain. This would make sense, but the user list propagates with users from the domain. Please help. I know that's a lot of info. Thank you very much.
Finally we stopped investigations into 3.0 and have upgraded to 3.1. There the problem has definitely been solved. A couple of workarounds for ACS 3.0 exist but they have not worked. You can try the following steps but in our case they have not solved the problem:
1. Uncheck the box that will require the user to have been granted Dial-in Access in the AD. This can be completed in ACS by navigating to the External User Databases -> Database Configuration section. Next select Windows NT/2000, then Configure.
2. Add all users to the Pre-Windows 2000 Compatible Access group in the AD. This will allow read access to the AD by these accounts.
3. Change the logon credentials for the ACS services to use a domain administrator account. Oftentimes the local member server administrator account does not have any rights on the AD.
4. Ensure the ACS services start with the Domain Administrator account.
   o Ensure you are able to log in to the server using this Domain Administrator account.
   o Ensure the Domain Administrator account (or the account with which the services start) has privileges to Log on locally, Log on as a service and Act as part of the operating system.
5. Remove database group mappings and use only all other combinations.