Cisco Support Community
Community Member

ACS 3.3, changed the domain administrator password and ACS broke

I did not set up the TACACS. I want to disable the AD administrator account, but it appears to be needed by ACS.

I changed the administrator PW and TACACS stops working. The ACS Windows services all start using the administrator account. If I change them to use another domain admin account they start, but disabling administrator again breaks TACACS.

Ideas?

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions

Re: ACS 3.3, changed the domain administrator password and ACS b

I am not sure of your point.

Again, your Windows ACS services are run by the Windows AD admin account. ACS will use that account to log in to AD for user authentication. If you disable the Windows AD admin account or change its password, ACS could not log in to AD to authenticate the user. That's probably the reason that TACACS authentication failed after you changed the Windows AD admin account. In the ACS External User DB configuration, you should see the related Windows AD.

5 REPLIES

Re: ACS 3.3, changed the domain administrator password and ACS b

In your setup, your ACS probably needs to talk to Windows AD (configured as external DB in ACS) for authenticating the user. ACS must use an account which has the privilege to let it query the AD. In general, most users use a domain admin account to run the ACS service in Windows to make sure that ACS can use the same domain admin account to check AD.

Community Member

Re: ACS 3.3, changed the domain administrator password and ACS b

Inside of the ACS web app I do not see anywhere that the administrator account or any other account is authenticating.

- Ted

Community Member

Re: ACS 3.3, changed the domain administrator password and ACS b

If I change the ACS services to log in with a different domain admin account it does not fix the problem. Disabling the admin account breaks ACS. Something still needs the administrator account.

Re: ACS 3.3, changed the domain administrator password and ACS b

As long as you use a domain admin account to run all ACS services, it should work.

Could you please confirm whether the new account is a domain admin account and has the same privileges as the previous one?

The link below provides the info about this.

http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/installation/guide/windows/postin.html
