ACS 4.0 and German password characters???

lauer.m.enderle
Level 1

Hello. I have attempted to map ACS 4.0 to Windows AD 2003 as an External Database.

This all works fine. The only weird thing is that ACS doesn't accept user passwords containing German special characters (such as ä,ö,ü).

From the file "C:\Program Files\CiscoSecure ACS v4.0\CSAuth\Logs\AUTH.log" I get the following information:

AUTH 14/02/2006 14:35:13 I 1554 2088 pvAuthenticateUser: authenticate 'testuser1' against Windows Database

AUTH 14/02/2006 14:35:13 I 0376 2088 External DB [NTAuthenDLL.dll]: Starting authentication for user [testuser1]

AUTH 14/02/2006 14:35:13 I 0376 2088 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user testuser1

AUTH 14/02/2006 14:35:13 E 0376 2088 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)

AUTH 14/02/2006 14:35:13 I 0376 2088 External DB [NTAuthenDLL.dll]: Reattempting authentication at domain TESTDOMAIN1

AUTH 14/02/2006 14:35:13 I 0376 2088 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user testuser1

AUTH 14/02/2006 14:35:13 E 0376 2088 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)

AUTH 14/02/2006 14:35:13 I 0376 2088 External DB [NTAuthenDLL.dll]: Reattempting authentication at domain TESTDOMAIN2

AUTH 14/02/2006 14:35:13 I 0376 2088 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user testuser12

AUTH 14/02/2006 14:35:13 E 0376 2088 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)

AUTH 14/02/2006 14:35:13 I 0143 2088 [PDE]: PolicyMgr::TerminateContext: context id=1 is deleted

AUTH 14/02/2006 14:35:13 I 5081 2088 Done RQ1026, client 2, status -2052

When I set the user password (on the AD Server 2003) without a German umlaut (ä, ö..) the authentication process works fine:

AUTH 14/02/2006 15:46:35 I 1554 1840 pvAuthenticateUser: authenticate 'testuser1' against Windows Database

AUTH 14/02/2006 15:46:35 I 0376 1840 External DB [NTAuthenDLL.dll]: Starting authentication for user [testuser1]

AUTH 14/02/2006 15:46:35 I 0376 1840 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user testuser1

AUTH 14/02/2006 15:46:35 I 0376 1840 External DB [NTAuthenDLL.dll]: Windows authentication SUCCESSFUL (by TESTSRV01)

AUTH 14/02/2006 15:46:35 I 0376 1840 External DB [NTAuthenDLL.dll]: User mapped to ACS group id [5]

AUTH 14/02/2006 15:46:35 I 0143 1840 [PDE]: PdeAttributeSet::addAttribute: PDE-Group-ID-16=5

AUTH 14/02/2006 15:46:35 I 0143 1840 [PDE]: PolicyMgr::Process: request type=4; context id=1; applied default profiles (0) - do nothing

AUTH 14/02/2006 15:46:35 I 0143 1840 [PDE]: PolicyMgr::TerminateContext: context id=1 is deleted

AUTH 14/02/2006 15:46:35 I 5081 1840 Done RQ1026, client 2, status 0

Any ideas?

Is this a known issue in this release? At the moment we map ACS 2.6 to Windows NT 4 as an External Database. In this configuration the authentication process works as well with German password characters!!!

Thanks for help!

Best Regards

Matthias Enderle
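
Added example, not part of the original post and not Cisco tooling: a small Python parser for the AUTH.log lines quoted above that groups entries per request and names Windows error 1326 (ERROR_LOGON_FAILURE, unknown user name or bad password). Treating the second numeric column as a per-request identifier and status 0 as success are assumptions drawn from the two excerpts.

```python
import re
from collections import OrderedDict

# Lines copied (abridged) from the AUTH.log excerpts in the post above.
SAMPLE = """\
AUTH 14/02/2006 14:35:13 I 1554 2088 pvAuthenticateUser: authenticate 'testuser1' against Windows Database
AUTH 14/02/2006 14:35:13 E 0376 2088 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)
AUTH 14/02/2006 14:35:13 I 0376 2088 External DB [NTAuthenDLL.dll]: Reattempting authentication at domain TESTDOMAIN1
AUTH 14/02/2006 14:35:13 E 0376 2088 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)
AUTH 14/02/2006 14:35:13 I 5081 2088 Done RQ1026, client 2, status -2052
AUTH 14/02/2006 15:46:35 I 1554 1840 pvAuthenticateUser: authenticate 'testuser1' against Windows Database
AUTH 14/02/2006 15:46:35 I 0376 1840 External DB [NTAuthenDLL.dll]: Windows authentication SUCCESSFUL (by TESTSRV01)
AUTH 14/02/2006 15:46:35 I 5081 1840 Done RQ1026, client 2, status 0
"""

LINE = re.compile(r"^AUTH (\S+ \S+) ([A-Z]) (\d+) (\d+) (.*)$")
# Win32 error names; 1326 is ERROR_LOGON_FAILURE (unknown user name or bad password).
WIN32 = {1326: "ERROR_LOGON_FAILURE"}

def summarize(text):
    """Group lines by the second numeric column (assumed to identify one
    request, since it is constant within each transaction in the post)."""
    reqs = OrderedDict()
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or non-AUTH lines
        ts, _sev, _code, rid, msg = m.groups()
        r = reqs.setdefault(rid, {"start": ts, "user": None, "errors": [],
                                  "domains": [], "server": None, "status": None})
        if (u := re.search(r"authenticate '([^']*)' against", msg)):
            r["user"] = u.group(1)
        elif (e := re.search(r"authentication FAILED \(error (\d+)L?\)", msg)):
            n = int(e.group(1))
            r["errors"].append(WIN32.get(n, str(n)))
        elif (d := re.search(r"Reattempting authentication at domain (\S+)", msg)):
            r["domains"].append(d.group(1))
        elif (s := re.search(r"authentication SUCCESSFUL \(by ([^)]+)\)", msg)):
            r["server"] = s.group(1)
        elif (f := re.search(r"Done RQ\d+, client \d+, status (-?\d+)", msg)):
            r["status"] = int(f.group(1))
    return reqs

if __name__ == "__main__":
    for rid, r in summarize(SAMPLE).items():
        outcome = "OK" if r["status"] == 0 else "FAIL"
        print(rid, r["start"], r["user"], outcome, r["errors"], r["domains"], r["server"])
```
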

1 Reply

darpotter
Level 5

Hi

Looks like you are doing PAP. If you switch to MSCHAP then ACS will never see the password (only a hash created by the supplicant).

This will tell you whether the problem is ACS or AD.

Darran
